CVE-2002-0735Use of Externally-Controlled Format String in Squid Auth Ldap

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.8%
top 17.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
C-note Squid Auth LdapPadl Software NSS LdapPadl Software PAM Ldap+1 more
Timeline
PublishedAug 12
Latest updateApr 30

Description

Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

NVDc-note/squid_auth_ldap4 versions+3
debiandebian/squid
NVDpadl_software/nss_ldap12 versions+11
NVDpadl_software/pam_ldapbuild_143

🔴Vulnerability Details

1
GHSA
GHSA-g6h3-4wm6-7hpq: Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 22022-04-30

📋Vendor Advisories

1
Debian
CVE-2002-0735: squid - Format string vulnerability in the logging() function in C-Note Squid LDAP authe...2002