Back to search
CVE-2003-0143
Published: Sep 1, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-200303-12
vendor-advisory
x_refsource_GENTOO
7058
vdb-entry
x_refsource_BID
SuSE-SA:2003:018
vendor-advisory
x_refsource_SUSE
20030310 QPopper 4.0.x buffer overflow vulnerability
mailing-list
x_refsource_BUGTRAQ
20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)
mailing-list
x_refsource_BUGTRAQ
DSA-259
vendor-advisory
x_refsource_DEBIAN
qpopper-popmsg-macroname-bo(11516)
vdb-entry
x_refsource_XF
20030312 Re: QPopper 4.0.x buffer overflow vulnerability
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now