CVE-2003-0028
glibc - integer overflow
EPSS 56.1%
Description
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
How to fix CVE-2003-0028
To remediate CVE-2003-0028, upgrade the affected package to a fixed version below.
- Debian/dietlibc—upgrade to 0.22-2 or later
- Debian/dietlibc—upgrade to 0.12-2.5 or later
- —upgrade to 2.3.1-16 or later
- —upgrade to 2.2.5-11.5 or later
- —upgrade to 1.3.3-2 or later
- —upgrade to 1.2.4-5woody4 or later
Is CVE-2003-0028 being exploited?
Likely — EPSS is 56.1%, placing CVE-2003-0028 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (6)
- from 0, < 0.22-2
- from 0, < 0.12-2.5
- from 0, < 2.3.1-16
- from 0, < 2.2.5-11.5
- from 0, < 1.3.3-2
- from 0, < 1.2.4-5woody4