Unrated severityNVD Advisory· Published Apr 2, 2003· Updated Apr 16, 2026

CVE-2003-0161

Description

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

Affected products

111

Sendmail, Inc./Sendmail35 versions
cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*+ 34 more
- cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
Sendmail, Inc./Sendmail Switch16 versions
cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*
Compaq/Tru6425 versions
cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*
- cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*
HP/Hpux16 versions
cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*
HP/Hp Ux Series 700
cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*
HP/Hp Ux Series 800
cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*
HP/Sis
cpe:2.3:o:hp:sis:*:*:*:*:*:*:*:*
Sun Corporation/Solaris10 versions
cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*+ 9 more
- cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*
Sun Corporation/Sunos6 versions
cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cert.org/advisories/CA-2003-12.htmlnvdPatchThird Party AdvisoryUS Government Resource
www.redhat.com/support/errata/RHSA-2003-120.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/7230nvdPatchVendor Advisory
www.kb.cert.org/vuls/id/897604nvdUS Government Resource
ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txtnvd
ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.ascnvd
ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txtnvd
patches.sgi.com/support/free/security/advisories/20030401-01-Pnvd
distro.conectiva.com.br/atualizacoes/nvd
lists.apple.com/mhonarc/security-announce/msg00028.htmlnvd
lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.htmlnvd
marc.infonvd
marc.infonvd
marc.infonvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
www.debian.org/security/2003/dsa-278nvd
www.debian.org/security/2003/dsa-290nvd
www.gentoo.org/security/en/glsa/glsa-200303-27.xmlnvd
www.redhat.com/support/errata/RHSA-2003-121.htmlnvd
www.securityfocus.com/archive/1/316961/30/25250/threadednvd
www.securityfocus.com/archive/1/317135/30/25220/threadednvd
www.securityfocus.com/archive/1/321997nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.054
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000