Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
Max CVSS
7.5
EPSS Score
25.50%
Published
2004-12-31
Updated
2017-10-11
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Max CVSS
10.0
EPSS Score
17.22%
Published
2003-04-02
Updated
2018-10-30
2 vulnerabilities found