CVE-2002-1337

Name: CVE-2002-1337
Creator: NVD / NIST
Published: 2003-03-07T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 72.20%

Last modified Jun 16, 2026

CVE-2002-1337 is a vulnerability of currently unknown severity. Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.. EPSS estimates a 72.20% chance of exploitation in the next 30 days.

Description

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Metrics

EPSS Probability

72.20%

99.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions	Update
Sendmail	Sendmail	< 8.9.3	—
Sendmail	Sendmail	>= 8.10.0, < 8.11.6	—
Sendmail	Sendmail	>= 8.12.0, < 8.12.8	—
Hp	Alphaserver Sc	All versions	—
Gentoo	Linux	1.4	Rc1
Hp	Hp-Ux	10.10	—
Hp	Hp-Ux	10.20	—
Hp	Hp-Ux	11.00	—
Hp	Hp-Ux	11.0.4	—
Hp	Hp-Ux	11.11	—
Hp	Hp-Ux	11.22	—
Netbsd	Netbsd	1.5	—
Netbsd	Netbsd	1.5.1	—
Netbsd	Netbsd	1.5.2	—
Netbsd	Netbsd	1.5.3	—
Netbsd	Netbsd	1.6	—
Oracle	Solaris	2.6	—
Oracle	Solaris	7.0	—
Oracle	Solaris	8	—
Oracle	Solaris	9	—
Sun	Sunos	All versions	—
Sun	Sunos	5.7	—
Sun	Sunos	5.8	—
Windriver	Bsdos	4.2	—
Windriver	Bsdos	4.3.1	—
Windriver	Bsdos	5.0	—
Windriver	Platform Sa	1.0	—

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.ascBroken Link
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-PBroken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028Broken Link
http://marc.info/?l=bugtraq&m=104673778105192&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104678739608479&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862109841&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862409849&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104679411316818&w=2Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=onlyBroken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=onlyBroken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=onlyBroken Link
http://www.cert.org/advisories/CA-2003-07.htmlBroken Link, Patch, Third Party Advisory, US Government Resource
http://www.debian.org/security/2003/dsa-257Broken Link
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950Broken Link, Patch, Vendor Advisory
http://www.iss.net/security_center/static/10748.phpBroken Link
http://www.kb.cert.org/vuls/id/398025Third Party Advisory, US Government Resource
http://www.redhat.com/support/errata/RHSA-2003-073.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2003-074.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2003-227.htmlBroken Link
http://www.securityfocus.com/bid/6991Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
http://www.sendmail.org/8.12.8.htmlBroken Link, Patch, Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222Broken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.ascBroken Link
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-PBroken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028Broken Link
http://marc.info/?l=bugtraq&m=104673778105192&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104678739608479&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862109841&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104678862409849&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=104679411316818&w=2Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=onlyBroken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=onlyBroken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=onlyBroken Link
http://www.cert.org/advisories/CA-2003-07.htmlBroken Link, Patch, Third Party Advisory, US Government Resource
http://www.debian.org/security/2003/dsa-257Broken Link
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950Broken Link, Patch, Vendor Advisory
http://www.iss.net/security_center/static/10748.phpBroken Link
http://www.kb.cert.org/vuls/id/398025Third Party Advisory, US Government Resource
http://www.redhat.com/support/errata/RHSA-2003-073.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2003-074.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2003-227.htmlBroken Link
http://www.securityfocus.com/bid/6991Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
http://www.sendmail.org/8.12.8.htmlBroken Link, Patch, Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222Broken Link

Timeline

Published: Mar 7, 2003
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2002-1337?

How severe is CVE-2002-1337?

Severity scoring for CVE-2002-1337 is pending analysis. The EPSS model estimates a 72.20% probability of exploitation in the next 30 days.

How do I fix CVE-2002-1337?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-1337?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST