CVE-2002-1347
published 2002-12-18

Priority: P428, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.08% (93.4th percentile)

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

Affected

11 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.3.8 | 10.3.8 |
| apple | mac_os_x_server | < 10.3.8 | 10.3.8 |
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| carnegie_mellon_university | cyrus_imap_server | | |
| cyrusimap | cyrus_sasl | <= 2.1.9 | |
| debian | cyrus-imapd | < cyrus-imapd 1.5.19-9.10 (bookworm) | cyrus-imapd 1.5.19-9.10 (bookworm) |
| debian | cyrus-sasl2 | < cyrus-sasl2 2.1.10-1 (bookworm) | cyrus-sasl2 2.1.10-1 (bookworm) |

CVSS provenance

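| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |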