CVE-2002-1347

Name: CVE-2002-1347
Creator: NVD / NIST
Published: 2002-12-18T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 7.08%

Last modified Jun 16, 2026

CVE-2002-1347 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.. EPSS estimates a 7.08% chance of exploitation in the next 30 days.

Description

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

7.08%

93.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-131

Affected Software

Vendor	Product	Versions
Cyrusimap	Cyrus Sasl	<= 2.1.9
Apple	Mac Os X	< 10.3.8
Apple	Mac Os X Server	< 10.3.8

References

http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.htmlBroken Link
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557Broken Link
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.htmlMailing List
http://marc.info/?l=bugtraq&m=103946297703402&w=2Mailing List, Patch
http://www.debian.org/security/2002/dsa-215Broken Link
http://www.redhat.com/support/errata/RHSA-2002-283.htmlBroken Link
http://www.securityfocus.com/advisories/4826Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/6347Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/6348Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/6349Broken Link, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812Third Party Advisory, VDB Entry
http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.htmlBroken Link
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557Broken Link
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.htmlMailing List
http://marc.info/?l=bugtraq&m=103946297703402&w=2Mailing List, Patch
http://www.debian.org/security/2002/dsa-215Broken Link
http://www.redhat.com/support/errata/RHSA-2002-283.htmlBroken Link
http://www.securityfocus.com/advisories/4826Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/6347Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/6348Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/6349Broken Link, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10810Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10811Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/10812Third Party Advisory, VDB Entry

Timeline

Published: Dec 18, 2002
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2002-1347?

How severe is CVE-2002-1347?

CVE-2002-1347 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 7.08% probability of exploitation in the next 30 days.

How do I fix CVE-2002-1347?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-1347?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST