CVE-2003-0252Off-by-one Error in Nfs-utils

CWE-193Off-by-one Error9 documents8 sources
Severity
9.8CRITICALNVD
EPSS
16.1%
top 5.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linux-nfs Nfs-utils
Timeline
PublishedAug 18
Latest updateApr 29

Description

Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDlinux-nfs/nfs-utils< 1.0.4

Patches

Patch: marc.infoPatch: marc.info

🔴Vulnerability Details

3
GHSA
GHSA-69rx-rcww-qf58: Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 12022-04-29
OSV
CVE-2003-0252: Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 12003-08-18
CVEList
CVE-2003-0252: Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 12003-07-15

🔍Detection Rules

2
Suricata
GPL RPC mountd TCP mount path overflow attempt2010-09-23
Suricata
GPL RPC mountd UDP mount path overflow attempt2010-09-23

📋Vendor Advisories

2
Red Hat
security flaw2003-07-14
Debian
CVE-2003-0252: nfs-utils - Off-by-one error in the xlog function of mountd in the Linux NFS utils package (...2003

💬Community

1
Bugzilla
CVE-2003-0252 security flaw2018-08-16
CVE-2003-0252 — Off-by-one Error in Linux-nfs Nfs-utils | cvebase