CVE-2003-0776

2003-09-2204:00:00

[email protected]

web.nvd.nist.gov

saned

sane-backends

cve-2003-0776

rpc

security issue

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

81.1%

JSON

saned in sane-backends 1.0.7 and earlier does not properly “check the validity of the RPC numbers it gets before getting the parameters,” with unknown consequences.

Affected configurations

NVD

Node

sanesaneMatch1.0.0

sanesaneMatch1.0.1

sanesaneMatch1.0.2

sanesaneMatch1.0.3

sanesaneMatch1.0.4

sanesaneMatch1.0.5

sanesaneMatch1.0.6

sanesaneMatch1.0.7

sanesaneMatch1.0.7_beta1

sanesaneMatch1.0.7_beta2

sanesaneMatch1.0.8

sanesaneMatch1.0.9

sanesane-backendMatch1.0.10

CPENameOperatorVersion
sane:sanesaneeq1.0.0
sane:sanesaneeq1.0.1
sane:sanesaneeq1.0.2
sane:sanesaneeq1.0.3
sane:sanesaneeq1.0.4
sane:sanesaneeq1.0.5
sane:sanesaneeq1.0.6
sane:sanesaneeq1.0.7
sane:sanesaneeq1.0.7_beta1
sane:sanesaneeq1.0.7_beta2

CPE	Name	Operator	Version
sane:sane	sane	eq	1.0.0
sane:sane	sane	eq	1.0.1
sane:sane	sane	eq	1.0.2
sane:sane	sane	eq	1.0.3
sane:sane	sane	eq	1.0.4
sane:sane	sane	eq	1.0.5
sane:sane	sane	eq	1.0.6
sane:sane	sane	eq	1.0.7
sane:sane	sane	eq	1.0.7_beta1
sane:sane	sane	eq	1.0.7_beta2