VDB
CVE-2002-1318
CVE-2002-1318
PUBLISHED
CVSS 10 CRITICAL
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
EPSS 75.04% · 98.9th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
75.04%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| samba | samba | 2.2.3, 2.2.6, 2.2.5 |
| hp | cifs-9000_server | a.01.08, a.01.08.01, a.01.09 |
| n/a | n/a | n/a |
| sgi | irix | 6.5.11, 6.5.12, 6.5.13 |
Timeline
- Dec 11, 2002 CVE Published
- Mar 23, 2017 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Aug 9, 2023 EPSS Score
References
- oval:org.mitre.oval:def:1467 vdb
- VU#958321 third-party-advisory
- CLA-2002:550 vendor-advisory
- samba-password-change-bo(10683) vdb
- SuSE-SA:2002:045 vendor-advisory
- http://us1.samba.org/samba/whatsnew/samba-2.2.7.html url
- 20021121 GLSA: samba mailing-list
- DSA-200 vendor-advisory
- HPSBUX0212-230 vendor-advisory
- 20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba) mailing-list
- N-019 third-party-advisory
- 6210 vdb
- RHSA-2002:266 vendor-advisory
- 53580 vendor-advisory
- 20021204-01-I vendor-advisory
- MDKSA-2002:081 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-1318 advisory