cbcvebase.
CVE-2003-0143
published 2003-03-18

CVE-2003-0143: The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated…

PriorityP340critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
8.60%
94.4th percentile
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

Affected

4 ranges
VendorProductVersion rangeFixed in
qualcommqpopper
qualcommqpopper
qualcommqpopper
qualcommqpopper
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.