CVE-2003-0161
sendmail-wide - char-to-int conversion
EPSS 60.1%
Description
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
How to fix CVE-2003-0161
To remediate CVE-2003-0161, upgrade the affected package to a fixed version below.
- Debian/sendmail—upgrade to 8.12.9-1 or later
- —upgrade to 8.12.3-6.3 or later
- —upgrade to 8.12.3+3.5Wbeta-5.4 or later
Is CVE-2003-0161 being exploited?
Likely — EPSS is 60.1%, placing CVE-2003-0161 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- from 0, < 8.12.9-1
- from 0, < 8.12.3-6.3
- from 0, < 8.12.3+3.5Wbeta-5.4