Lucene search

[email protected]CVE-2003-0721

HistorySep 17, 2003 - 4:00 a.m.

CVE-2003-0721

2003-09-1704:00:00

CWE-129

[email protected]

web.nvd.nist.gov

cve-2003-0721

integer signedness error

rfc2231_get_param

strings.c

pine

remote code execution

out-of-bounds array access.

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.083 Low

EPSS

Percentile

94.4%

JSON

Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.

Affected configurations

NVD

Node

washingtonpineRange<4.58

CPENameOperatorVersion
washington:pinewashington pinelt4.58

CPE	Name	Operator	Version
washington:pine	washington pine	lt	4.58

References

lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html

marc.info/?l=bugtraq&m=106329356702508&w=2

marc.info/?l=bugtraq&m=106367213400313&w=2

www.idefense.com/advisory/09.10.03.txt

www.redhat.com/support/errata/RHSA-2003-273.html

www.redhat.com/support/errata/RHSA-2003-274.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.083 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2003-0721

nvd1 cvelist1 debiancve1 nessus4 openvas2 suse1 securityvulns1 redhat1 freebsd1