CVE-2002-2368

NEC SOCKS5 < 1.0r11 - Remote Code Execution via Long Username

Title source: llm
STIX 2.1

Description

Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5145
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9485.php
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0033.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5147

Scores

EPSS 0.0689
EPSS Percentile 93.3%

Details

CWE
CWE-119
Status published
Products (1)
nec/socks_5 < 1.0r11
Published Dec 31, 2002
Tracked Since Feb 18, 2026