CVE-2003-0028
Last modified
CVE-2003-0028 is a vulnerability of currently unknown severity. Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.. EPSS estimates a 15.03% chance of exploitation in the next 30 days.
Description
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | 2.1 |
| Gnu | Glibc | 2.1.1 |
| Gnu | Glibc | 2.1.2 |
| Gnu | Glibc | 2.1.3 |
| Gnu | Glibc | 2.2 |
| Gnu | Glibc | 2.2.1 |
| Gnu | Glibc | 2.2.2 |
| Gnu | Glibc | 2.2.3 |
| Gnu | Glibc | 2.2.4 |
| Gnu | Glibc | 2.2.5 |
| Gnu | Glibc | 2.3 |
| Gnu | Glibc | 2.3.1 |
| Gnu | Glibc | 2.3.2 |
| Mit | Kerberos 5 | 1.2 |
| Mit | Kerberos 5 | 1.2.1 |
| Mit | Kerberos 5 | 1.2.2 |
| Mit | Kerberos 5 | 1.2.3 |
| Mit | Kerberos 5 | 1.2.4 |
| Mit | Kerberos 5 | 1.2.5 |
| Mit | Kerberos 5 | 1.2.6 |
| Mit | Kerberos 5 | 1.2.7 |
| Openafs | Openafs | 1.0 |
| Openafs | Openafs | 1.0.1 |
| Openafs | Openafs | 1.0.2 |
| Openafs | Openafs | 1.0.3 |
| Openafs | Openafs | 1.0.4 |
| Openafs | Openafs | 1.0.4a |
| Openafs | Openafs | 1.1 |
| Openafs | Openafs | 1.1.1 |
| Openafs | Openafs | 1.1.1a |
| Openafs | Openafs | 1.2 |
| Openafs | Openafs | 1.2.1 |
| Openafs | Openafs | 1.2.2 |
| Openafs | Openafs | 1.2.2a |
| Openafs | Openafs | 1.2.2b |
| Openafs | Openafs | 1.2.3 |
| Openafs | Openafs | 1.2.4 |
| Openafs | Openafs | 1.2.5 |
| Openafs | Openafs | 1.2.6 |
| Openafs | Openafs | 1.3 |
| Openafs | Openafs | 1.3.1 |
| Openafs | Openafs | 1.3.2 |
| Sgi | Irix | 6.5 |
| Sgi | Irix | 6.5.1 |
| Sgi | Irix | 6.5.2 |
| Sgi | Irix | 6.5.2f |
| Sgi | Irix | 6.5.2m |
| Sgi | Irix | 6.5.3 |
| Sgi | Irix | 6.5.3f |
| Sgi | Irix | 6.5.3m |
Showing 50 of 152 affected configurations. See NVD for the full list.
References
- http://www.cert.org/advisories/CA-2003-10.htmlPatch, Third Party Advisory, US Government Resource
- http://www.eeye.com/html/Research/Advisories/AD20030318.htmlExploit, Vendor Advisory
- http://www.kb.cert.org/vuls/id/516825US Government Resource
- http://www.cert.org/advisories/CA-2003-10.htmlPatch, Third Party Advisory, US Government Resource
- http://www.eeye.com/html/Research/Advisories/AD20030318.htmlExploit, Vendor Advisory
- http://www.kb.cert.org/vuls/id/516825US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2003-0028?
How severe is CVE-2003-0028?
How do I fix CVE-2003-0028?
Are you affected by CVE-2003-0028?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST