CVE-2002-1232

2002-11-0405:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-1232

memory leak

ypserv

ypserv 2.5

nis package

denial of service

nvd

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.041 Low

EPSS

Percentile

92.0%

JSON

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq2.2
debian:debian_linuxdebian debian linuxeq3.0
redhat:linuxredhat linuxeq7.0
redhat:linuxredhat linuxeq6.2
redhat:linuxredhat linuxeq7.2
redhat:linuxredhat linuxeq7.1
redhat:linuxredhat linuxeq7.3
hp:secure_oshp secure oseq1.0

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	2.2
debian:debian_linux	debian debian linux	eq	3.0
redhat:linux	redhat linux	eq	7.0
redhat:linux	redhat linux	eq	6.2
redhat:linux	redhat linux	eq	7.2
redhat:linux	redhat linux	eq	7.1
redhat:linux	redhat linux	eq	7.3
hp:secure_os	hp secure os	eq	1.0