Integer Overflow Vulnerability in XDR Libraries Affecting Multiple Vendors
CVE-2003-0028

Currently unrated

Key Information:

Vendor: Gnu
Status: Glibc; Irix; Openafs; Kerberos 5
Vendor: CVE Published:; 25 March 2003

Summary

A vulnerability exists in the xdrmem_getbytes() function and potentially other functions within XDR (External Data Representation) libraries, which are derived from SunRPC. This vulnerability can be exploited by remote attackers who provide specific integer values in length fields, leading to arbitrary code execution. This can affect libraries such as libnsl, libc, glibc, and dietlibc, posing significant security risks to systems relying on these libraries.

References

http://www.linuxsecurity.com/advisories/engarde_advisory-...

vendor-advisoryx_refsource_ENGARDE

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/...

mailing-listx_refsource_VULNWATCH

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

EPSS Score

56% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 25, 2003
Vulnerability Reserved
Jan 10, 2003