CVE-2002-2368
NEC SOCKS5 < 1.0r11 - Remote Code Execution via Long Username
Title source: llmDescription
Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5145
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9485.php
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0033.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5147
Scores
EPSS
0.0689
EPSS Percentile
93.3%
Details
CWE
CWE-119
Status
published
Products (1)
nec/socks_5
< 1.0r11
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026