Vulnerability in Qualcomm Qpopper
CVE-2003-0143
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long…
EPSS: 0.086 (94.4th percentile) — read the EPSS interpretation.
Affected products
- Qualcomm Qpopper — versions 4.0.1, 4.0.2, 4.0.3
- N/a — versions n/a
References
- cve@mitre.org (vendor-advisory, x_refsource_GENTOO)
- cve@mitre.org (Exploit, Patch, vdb-entry, x_refsource_BID, Vendor Advisory)
- cve@mitre.org (vendor-advisory, x_refsource_SUSE)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (vendor-advisory, Patch, x_refsource_DEBIAN, Vendor Advisory)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)