CVE-2002-0391 Affecting glibc package, versions <2.2.5-13
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
EPSS
85.02% (99th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-GLIBC-356731
- published 12 Aug 2002
- disclosed 12 Aug 2002
Introduced: 12 Aug 2002
CVE-2002-0391 Open this link in a new tabHow to fix?
Upgrade Debian:10
glibc
to version 2.2.5-13 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc
package and not the glibc
package as distributed by Debian
.
See How to fix?
for Debian:10
relevant fixed versions and status.
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
References
- ADVISORY
- AIXAPAR
- BUGTRAQ
- BUGTRAQ
- CALDERA
- CERT
- Cert Vulnerability Note
- CONECTIVA
- CONECTIVA
- Debian Security Advisory
- Debian Security Advisory
- Debian Security Advisory
- Debian Security Advisory
- Debian Security Advisory
- ENGARDE
- HP
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- HP Security Bulletin
- ISS
- MANDRAKE
- MS
- MS
- NETBSD
- Oval Security
- Oval Security
- Oval Security
- RedHat Security Advisory
- RedHat Security Advisory
- Security Focus
- SGI
- SGI
- XF
- cve@mitre.org
- cve@mitre.org
- cve@mitre.org
- cve@mitre.org
- cve@mitre.org