VDB

CVE-2003-0028

CVE-2003-0028 PUBLISHED CVSS 7.5 HIGH

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

EPSS 56.05% · 98.1th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
56.05%
98.1th percentile

Affected Products

VendorProductVersions
sgiirix6.5.12, 6.5.12f, 6.5.12m
sunsolaris9.0, 9.0, 8.0
crayunicos8.3, 6.1, 7.0
openbsdopenbsd2.6, 2.0, 2.1
mitkerberos_51.2.7, 1.2.4, 1.2.1
hphp-ux11.00, 10.24, 11.20
ibmaix4.3.3, 5.2, 5.1
freebsdfreebsd4.6.2, 4.1, 4.1.1
n/an/an/a
sunsunos5.8, 5.7, 5.5.1
gnuglibc2.3.1, 2.1, 2.1.1
hphp-ux_series_70010.20
openafsopenafs1.3.2, 1.3, 1.3.1
hphp-ux_series_80010.20

Timeline

  • Mar 21, 2003 CVE Published
  • Sep 23, 2010 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score

References

…and 7 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›