Buffer overflow vulnerability in Sendmail's prescan() function in parseaddr.c

Buffer overflow vulnerability in Sendmail's prescan() function in parseaddr.c

CVE-2003-0161 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Learn more about our Web Application Penetration Testing UK.