CVE-2002-1347

9.8 CRITICAL
Published: December 18, 2002 Modified: April 16, 2026

Description

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

http://marc.info/?l=bugtraq&m=103946297703402&w=2
Source: cve@mitre.org
Mailing List Patch
http://www.debian.org/security/2002/dsa-215
Source: cve@mitre.org
Broken Link
http://www.securityfocus.com/advisories/4826
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/6347
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/6348
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/6349
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=103946297703402&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Patch
http://www.debian.org/security/2002/dsa-215
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-283.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/advisories/4826
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/6347
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/6348
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/6349
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

26 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
10.0%
93rd percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

apple cyrusimap