CVE-2003-0122Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Lotus Domino

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
23.0%
top 4.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Lotus DominoIBM Lotus Notes Client
Timeline
PublishedMar 18
Latest updateApr 29

Description

Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDibm/lotus_notes_client10 versions+9
NVDibm/lotus_domino19 versions+18

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-4xh6-vg29-gg96: Buffer overflow in Notes server before Lotus Notes R4, R5 before 52022-04-29
CVEList
CVE-2003-0122: Buffer overflow in Notes server before Lotus Notes R4, R5 before 52004-09-01
CVE-2003-0122 — IBM Lotus Domino vulnerability | cvebase