VDB
CVE-2003-0028
CVE-2003-0028
PUBLISHED
CVSS 7.5 HIGH
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
EPSS 56.05% · 98.1th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
56.05%
98.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sgi | irix | 6.5.12, 6.5.12f, 6.5.12m |
| sun | solaris | 9.0, 9.0, 8.0 |
| cray | unicos | 8.3, 6.1, 7.0 |
| openbsd | openbsd | 2.6, 2.0, 2.1 |
| mit | kerberos_5 | 1.2.7, 1.2.4, 1.2.1 |
| hp | hp-ux | 11.00, 10.24, 11.20 |
| ibm | aix | 4.3.3, 5.2, 5.1 |
| freebsd | freebsd | 4.6.2, 4.1, 4.1.1 |
| n/a | n/a | n/a |
| sun | sunos | 5.8, 5.7, 5.5.1 |
| gnu | glibc | 2.3.1, 2.1, 2.1.1 |
| hp | hp-ux_series_700 | 10.20 |
| openafs | openafs | 1.3.2, 1.3, 1.3.1 |
| hp | hp-ux_series_800 | 10.20 |
Timeline
- Mar 21, 2003 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- ESA-20030321-010 vendor-advisory
- 20030319 EEYE: XDR Integer Overflow mailing-list
- MDKSA-2003:037 vendor-advisory
- RHSA-2003:052 vendor-advisory
- CA-2003-10 third-party-advisory
- https://security.netapp.com/advisory/ntap-20150122-0002/ url
- DSA-282 vendor-advisory
- 20030331 GLSA: krb5 & mit-krb5 (200303-28) mailing-list
- SuSE-SA:2003:027 vendor-advisory
- 20030319 RE: EEYE: XDR Integer Overflow mailing-list
- RHSA-2003:091 vendor-advisory
- AD20030318 third-party-advisory
- VU#516825 third-party-advisory
- 20030325 GLSA: glibc (200303-22) mailing-list
- NetBSD-SA2003-008 vendor-advisory
- 2003-0014 vendor-advisory
- 20030331 GLSA: dietlibc (200303-29) mailing-list
- RHSA-2003:051 vendor-advisory
- 20030319 EEYE: XDR Integer Overflow mailing-list
- oval:org.mitre.oval:def:230 vdb
…and 7 more