Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0525

4 documents4 sources
Severity
10.0CRITICAL
EPSS
4.4%
top 11.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
ISC INN
Timeline
PublishedAug 12
Latest updateApr 30

Description

Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDisc/inn6 versions+5

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-xrg7-wh2g-5jmq: Format string vulnerabilities in (1) inews or (2) rnews for INN 22022-04-30
CVEList
CVE-2002-0525: Format string vulnerabilities in (1) inews or (2) rnews for INN 22002-06-11

💥Exploits & PoCs

1
Exploit-DB
ISC INN 2.0/2.1/2.2.x - Multiple Local Format String Vulnerabilities2002-04-11
CVE-2002-0525 (CRITICAL CVSS 10) | Format string vulnerabilities in (1 | cvebase.io