Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NEC Socks5代理用户名远程缓冲区溢出漏洞
Vulnerability Description
Socks5是一款由NEC分发的免费开放源代码的代理实现,可使用在Unix、Linux、Microsoft Windows操作系统下。 Socks5在处理用户名时存在漏洞,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击。 在Socks5中的proxy.c中,由于对用户提交的用户名数据缺少正确的边界检查,远程攻击者可以提交超过132字节的用户名给Socks5处理,可导致产生缓冲区溢出,精心构建提交的用户名数据可能以Socks5进程的权限在系统上执行任意指令。 问题代码存在于proxy.c中: proxy.c:
CVSS Information
N/A
Vulnerability Type
N/A