CVE-2003-0026

6 documents6 sources

Severity

7.5HIGH

EPSS

12.4%

top 6.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Dhcpd

Timeline

PublishedJan 17

Latest updateApr 29

Description

Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDisc/dhcpd3.0, 3.0.1+1

Patches

Patch: www.cert.org ↗Patch: www.debian.org ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-jgfq-29vq-wj6m: Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3↗2022-04-29

▶

CVEList

CVE-2003-0026: Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3↗2003-01-16

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS - ASP Stack Overflow (MS06-034)↗2006-07-21

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-01-15

▶

💬Community

Bugzilla

CVE-2003-0026 security flaw↗2018-08-16

▶