CVE-2002-2295

Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long version number in an HTTP request, (4) a long User-Agent header, or (5) a long file path.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-2295
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
pico_server / pico_server	2.0_beta_2	2.0_beta_2.x
pico_server / pico_server	2.0_beta_5	2.0_beta_5.x
pico_server / pico_server	2.0_beta_1	2.0_beta_1.x
pico_server / pico_server	2.0_beta_3	2.0_beta_3.x

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2002-11/0457.html
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-12/0005.html
http://www.securiteam.com/securitynews/6Q0020A6AS.html
http://www.securityfocus.com/bid/6283
http://www.securityfocus.com/bid/6284
http://www.securityfocus.com/bid/6285
https://exchange.xforce.ibmcloud.com/vulnerabilities/10734
https://exchange.xforce.ibmcloud.com/vulnerabilities/10783
https://exchange.xforce.ibmcloud.com/vulnerabilities/10789

Vulnerability Database

290,278

CVE-2002-2295