Buffer Overflow in QPopper 4.0.x by Internet Communications Engine
CVE-2003-0143

Currently unrated

Key Information:

Vendor: Qualcomm
Status: Qpopper
Vendor: CVE Published:; 18 March 2003

Summary

The pop_msg function in QPopper versions 4.0.x prior to 4.0.5fc2 contains a vulnerability due to improper handling of message buffers resulting in a lack of null termination. This flaw allows authenticated users to exploit a buffer overflow when utilizing the mdef command with excessively long macro names, potentially leading to the execution of arbitrary code.

References

http://marc.info/?l=bugtraq&m=104792541215354&w=2

vendor-advisoryx_refsource_GENTOO

http://www.securityfocus.com/bid/7058

vdb-entryx_refsource_BID

http://www.novell.com/linux/security/advisories/2003_018_...

vendor-advisoryx_refsource_SUSE

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 18, 2003
Vulnerability Reserved
Mar 13, 2003