Lucene search

[email protected]CVE-2002-0552

HistoryJul 03, 2002 - 4:00 a.m.

CVE-2002-0552

2002-07-0304:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

melange chat

buffer overflows

denial of services

remote attacks

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks.

CPENameOperatorVersion
melange:melange_chat_systemmelange melange chat systemeq2.0.2_beta_2

CPE	Name	Operator	Version
melange:melange_chat_system	melange melange chat system	eq	2.0.2_beta_2

References

archives.neohapsis.com/archives/bugtraq/2002-04/0157.html

online.securityfocus.com/archive/1/267932

www.iss.net/security_center/static/8842.php

www.iss.net/security_center/static/8845.php

www.iss.net/security_center/static/8846.php

www.securityfocus.com/bid/4508

www.securityfocus.com/bid/4509

www.securityfocus.com/bid/4510

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON