CVE-2002-2368

Name of the Vulnerable Software and Affected Versions NEC SOCKS5 versions 1.0 r11 and earlier

Description The issue is related to multiple buffer overflows that can be triggered by remote attackers, potentially leading to a denial of service and possibly the execution of arbitrary code. This can occur via a long username to either the GetString function in proxy.c for the SOCKS5 module or the HandleS4Connection function in proxy.c for the SOCKS4 module.

Recommendations For NEC SOCKS5 versions 1.0 r11 and earlier, consider restricting access to the GetString and HandleS4Connection functions in proxy.c until a patch is available. As a temporary workaround, limit the length of the username parameter to prevent buffer overflows. At the moment, there is no information about a newer version that contains a fix for this issue.