CVE-2002-1215

Published Oct 28, 2002

Last updated 16 years ago

Overview

Description: Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:linux-ha:heartbeat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D2BFEC4-AC06-4F3F-92E4-951431588499",
            "versionEndIncluding": "0.4.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References