CVE-2003-0143

Currently unrated

Key Information:

Vendor: Qualcomm
Status: Qpopper
Vendor: CVE Published:; 18 March 2003

Summary

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

References

http://marc.info/?l=bugtraq&m=104792541215354&w=2

vendor-advisoryx_refsource_GENTOO

http://www.securityfocus.com/bid/7058

vdb-entryx_refsource_BID

http://www.novell.com/linux/security/advisories/2003_018_...

vendor-advisoryx_refsource_SUSE

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 18, 2003
Vulnerability Reserved
Mar 13, 2003