Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0849

6 documents4 sources
Severity
7.5HIGH
EPSS
7.7%
top 8.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Cfengine
Timeline
PublishedNov 17
Latest updateApr 29

Description

Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgnu/cfengine9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-6q3f-pvg5-m3gm: Buffer overflow in net2022-04-29
CVEList
CVE-2003-0849: Buffer overflow in net2003-10-09

💥Exploits & PoCs

3
Exploit-DB
GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (2)2003-11-04
Exploit-DB
GNU CFEngine 2.-2.0.3 - Remote Stack Overflow2003-09-27
Exploit-DB
GNU CFEngine 2.0.x - CFServD Transaction Packet Buffer Overrun (1)2003-09-25
CVE-2003-0849 (HIGH CVSS 7.5) | Buffer overflow in net.c for cfengi | cvebase.io