VDB
CVE-2003-0213
CVE-2003-0213
PUBLISHED
CVSS 7.5 HIGH
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
EPSS 76.06% · 98.9th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
76.06%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| poptop | pptp_server | 1.0.1, 1.1.2, 1.1.4b1 |
Timeline
- Apr 26, 2003 CVE Published
- Nov 23, 2010 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 11, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 20030418 Exploit for PoPToP PPTP server mailing-list
- SuSE-SA:2003:029 vendor-advisory
- VU#673993 third-party-advisory
- 7316 vdb
- http://sourceforge.net/project/shownotes.php?release_id=138437 url
- DSA-295 vendor-advisory
- 20030422 Re: Exploit for PoPToP PPTP server - Linux version mailing-list
- 20030409 PoPToP PPTP server remotely exploitable buffer overflow mailing-list
- 20030428 GLSA: pptpd (200304-08) mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2003-0213 advisory