Unrated severityNVD Advisory· Published Mar 7, 2003· Updated Apr 16, 2026

CVE-2002-1337

Description

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Affected products

Sendmail, Inc./Sendmail
cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*
Range: <8.9.3
HP/Alphaserver Sc
cpe:2.3:h:hp:alphaserver_sc:*:*:*:*:*:*:*:*
Gentoo/Linux2 versions
cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*
HP/Hpux6 versions
cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
NetBSD/NetBSD5 versions
cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
Oracle Corporation/Solaris4 versions
cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:oracle:solaris:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:8:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
Sun Corporation/Sunos3 versions
cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
Windriver/Bsdos3 versions
cpe:2.3:o:windriver:bsdos:4.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:windriver:bsdos:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:bsdos:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:windriver:bsdos:5.0:*:*:*:*:*:*:*
Windriver/Platform Sa
cpe:2.3:o:windriver:platform_sa:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cert.org/advisories/CA-2003-07.htmlnvdBroken LinkPatchThird Party AdvisoryUS Government Resource
www.iss.net/issEn/delivery/xforce/alertdetail.jspnvdBroken LinkPatchVendor Advisory
www.sendmail.org/8.12.8.htmlnvdBroken LinkPatchVendor Advisory
www.securityfocus.com/bid/6991nvdBroken LinkExploitPatchThird Party AdvisoryVDB EntryVendor Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
www.kb.cert.org/vuls/id/398025nvdThird Party AdvisoryUS Government Resource
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.ascnvdBroken Link
ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6nvdBroken Link
ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5nvdBroken Link
patches.sgi.com/support/free/security/advisories/20030301-01-PnvdBroken Link
distro.conectiva.com.br/atualizacoes/nvdBroken Link
frontal2.mandriva.com/security/advisoriesnvdBroken Link
www-1.ibm.com/support/search.wssnvdBroken Link
www-1.ibm.com/support/search.wssnvdBroken Link
www-1.ibm.com/support/search.wssnvdBroken Link
www.debian.org/security/2003/dsa-257nvdBroken Link
www.iss.net/security_center/static/10748.phpnvdBroken Link
www.redhat.com/support/errata/RHSA-2003-073.htmlnvdBroken Link
www.redhat.com/support/errata/RHSA-2003-074.htmlnvdBroken Link
www.redhat.com/support/errata/RHSA-2003-227.htmlnvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.035
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000