CVE-2002-1661 | Vulnerability Database | Aqua Security

The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group.

Affected Software

Name	Vendor	Start Version	End Version
Leafnode	Leafnode	1.9.19 (including)	1.9.19 (including)
Leafnode	Leafnode	1.9.20 (including)	1.9.20 (including)
Leafnode	Leafnode	1.9.21 (including)	1.9.21 (including)
Leafnode	Leafnode	1.9.22 (including)	1.9.22 (including)
Leafnode	Leafnode	1.9.23 (including)	1.9.23 (including)
Leafnode	Leafnode	1.9.24 (including)	1.9.24 (including)
Leafnode	Leafnode	1.9.25 (including)	1.9.25 (including)
Leafnode	Leafnode	1.9.26 (including)	1.9.26 (including)
Leafnode	Leafnode	1.9.27 (including)	1.9.27 (including)
Leafnode	Leafnode	1.9.29 (including)	1.9.29 (including)

References

http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt
http://marc.info/?l=bugtraq\u0026m=104127108823436\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104152295210075\u0026w=2
http://secunia.com/advisories/7799
http://secunia.com/advisories/7801
http://secunia.com/advisories/7870
http://www.mandriva.com/security/advisories?name=MDKSA-2003:005
http://www.securityfocus.com/bid/6490
http://www.securitytracker.com/id?1005865
https://exchange.xforce.ibmcloud.com/vulnerabilities/10942

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1661
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html