What is CVE-2003-0213?

CVE-2003-0213 is a vulnerability in N/a. Published 2003-04-26.

Is CVE-2003-0213 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2003-0213

ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.

EPSS: 0.761 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20030418 Exploit for PoPToP PPTP server (mailing-list, x_refsource_BUGTRAQ)
SuSE-SA:2003:029 (vendor-advisory, x_refsource_SUSE)
VU#673993 (x_refsource_CERT-VN, third-party-advisory)
7316 (vdb-entry, x_refsource_BID)
sourceforge.net/project/shownotes.php (x_refsource_CONFIRM)
DSA-295 (vendor-advisory, x_refsource_DEBIAN)
20030422 Re: Exploit for PoPToP PPTP server - Linux version (mailing-list, x_refsource_BUGTRAQ)
20030409 PoPToP PPTP server remotely exploitable buffer overflow (mailing-list, x_refsource_BUGTRAQ)
20030428 GLSA: pptpd (200304-08) (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2003-0213?: CVE-2003-0213 is a vulnerability in N/a. Published 2003-04-26.
Is CVE-2003-0213 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.