CVE-2003-0694

2003-10-0604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sendmail

prescan function

buffer overflow

cve-2003-0694

nvd

parseaddr function

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.057 Low

EPSS

Percentile

93.3%

JSON

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CPENameOperatorVersion
sendmail:sendmail_switchsendmail sendmail switcheq2.1.2
sendmail:sendmail_switchsendmail sendmail switcheq3.0.2
sendmail:sendmail_switchsendmail sendmail switcheq2.2.2
sendmail:sendmailsendmaileq2.6.2
sendmail:sendmailsendmaileq8.9.2
sendmail:sendmail_switchsendmail sendmail switcheq2.1.1
sendmail:sendmailsendmaileq8.11.4
sendmail:sendmailsendmaileq8.8.8
sendmail:sendmailsendmaileq8.12
sgi:irixsgi irixeq6.5.17f

CPE	Name	Operator	Version
sendmail:sendmail_switch	sendmail sendmail switch	eq	2.1.2
sendmail:sendmail_switch	sendmail sendmail switch	eq	3.0.2
sendmail:sendmail_switch	sendmail sendmail switch	eq	2.2.2
sendmail:sendmail	sendmail	eq	2.6.2
sendmail:sendmail	sendmail	eq	8.9.2
sendmail:sendmail_switch	sendmail sendmail switch	eq	2.1.1
sendmail:sendmail	sendmail	eq	8.11.4
sendmail:sendmail	sendmail	eq	8.8.8
sendmail:sendmail	sendmail	eq	8.12
sgi:irix	sgi irix	eq	6.5.17f