{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2002-07-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2003-03-20T00:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"sunrpc-xdr-array-bo(9170)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/9170.php"},{"name":"20020801-01-A","tags":["vendor-advisory","x_refsource_SGI"],"url":"ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A"},{"name":"CA-2002-25","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.cert.org/advisories/CA-2002-25.html"},{"name":"HPSBTL0208-061","tags":["vendor-advisory","x_refsource_HP"],"url":"http://online.securityfocus.com/advisories/4402"},{"name":"20020909 GLSA: glibc","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=103158632831416&w=2"},{"name":"DSA-146","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2002/dsa-146"},{"name":"RHSA-2002:166","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2002-166.html"},{"name":"HPSBUX0209-215","tags":["vendor-advisory","x_refsource_HP"],"url":"http://archives.neohapsis.com/archives/hp/2002-q3/0077.html"},{"name":"CSSA-2002-055.0","tags":["vendor-advisory","x_refsource_CALDERA"],"url":"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt"},{"name":"DSA-143","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2002/dsa-143"},{"name":"20020731 Remote Buffer Overflow Vulnerability in Sun RPC","tags":["third-party-advisory","x_refsource_ISS"],"url":"http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823"},{"name":"20020801-01-P","tags":["vendor-advisory","x_refsource_SGI"],"url":"ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P"},{"name":"CLA-2002:515","tags":["vendor-advisory","x_refsource_CONECTIVA"],"url":"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515"},{"name":"CLA-2002:535","tags":["vendor-advisory","x_refsource_CONECTIVA"],"url":"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535"},{"name":"RHSA-2003:212","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2003-212.html"},{"name":"MS02-057","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057"},{"name":"DSA-142","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2002/dsa-142"},{"name":"NetBSD-SA2002-011","tags":["vendor-advisory","x_refsource_NETBSD"],"url":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc"},{"name":"IY34194","tags":["vendor-advisory","x_refsource_AIXAPAR"],"url":"http://archives.neohapsis.com/archives/aix/2002-q4/0002.html"},{"name":"RHSA-2002:167","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2002-167.html"},{"name":"20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html"},{"name":"FreeBSD-SA-02:34.rpc","tags":["vendor-advisory","x_refsource_FREEBSD"],"url":"http://marc.info/?l=bugtraq&m=102821928418261&w=2"},{"name":"RHSA-2002:173","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2002-173.html"},{"name":"5356","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/5356"},{"name":"20020802 kerberos rpc xdr_array","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://online.securityfocus.com/archive/1/285740"},{"name":"20020731 Remote Buffer Overflow Vulnerability in Sun RPC","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=102813809232532&w=2"},{"name":"20020801 RPC analysis","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=102821785316087&w=2"},{"name":"VU#192995","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/192995"},{"name":"RHSA-2002:172","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2002-172.html"},{"name":"oval:org.mitre.oval:def:4728","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728"},{"name":"oval:org.mitre.oval:def:42","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42"},{"name":"ESA-20021003-021","tags":["vendor-advisory","x_refsource_ENGARDE"],"url":"http://www.linuxsecurity.com/advisories/other_advisory-2399.html"},{"name":"oval:org.mitre.oval:def:9","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9"},{"name":"MDKSA-2002:057","tags":["vendor-advisory","x_refsource_MANDRAKE"],"url":"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057"},{"name":"DSA-149","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2002/dsa-149"},{"name":"20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=102831443208382&w=2"},{"name":"DSA-333","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2003/dsa-333"},{"name":"RHSA-2003:168","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2003-168.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-0391","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"sunrpc-xdr-array-bo(9170)","refsource":"XF","url":"http://www.iss.net/security_center/static/9170.php"},{"name":"20020801-01-A","refsource":"SGI","url":"ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A"},{"name":"CA-2002-25","refsource":"CERT","url":"http://www.cert.org/advisories/CA-2002-25.html"},{"name":"HPSBTL0208-061","refsource":"HP","url":"http://online.securityfocus.com/advisories/4402"},{"name":"20020909 GLSA: glibc","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=103158632831416&w=2"},{"name":"DSA-146","refsource":"DEBIAN","url":"http://www.debian.org/security/2002/dsa-146"},{"name":"RHSA-2002:166","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2002-166.html"},{"name":"HPSBUX0209-215","refsource":"HP","url":"http://archives.neohapsis.com/archives/hp/2002-q3/0077.html"},{"name":"CSSA-2002-055.0","refsource":"CALDERA","url":"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt"},{"name":"DSA-143","refsource":"DEBIAN","url":"http://www.debian.org/security/2002/dsa-143"},{"name":"20020731 Remote Buffer Overflow Vulnerability in Sun RPC","refsource":"ISS","url":"http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823"},{"name":"20020801-01-P","refsource":"SGI","url":"ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P"},{"name":"CLA-2002:515","refsource":"CONECTIVA","url":"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515"},{"name":"CLA-2002:535","refsource":"CONECTIVA","url":"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535"},{"name":"RHSA-2003:212","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2003-212.html"},{"name":"MS02-057","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057"},{"name":"DSA-142","refsource":"DEBIAN","url":"http://www.debian.org/security/2002/dsa-142"},{"name":"NetBSD-SA2002-011","refsource":"NETBSD","url":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc"},{"name":"IY34194","refsource":"AIXAPAR","url":"http://archives.neohapsis.com/archives/aix/2002-q4/0002.html"},{"name":"RHSA-2002:167","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2002-167.html"},{"name":"20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers","refsource":"BUGTRAQ","url":"http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html"},{"name":"FreeBSD-SA-02:34.rpc","refsource":"FREEBSD","url":"http://marc.info/?l=bugtraq&m=102821928418261&w=2"},{"name":"RHSA-2002:173","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2002-173.html"},{"name":"5356","refsource":"BID","url":"http://www.securityfocus.com/bid/5356"},{"name":"20020802 kerberos rpc xdr_array","refsource":"BUGTRAQ","url":"http://online.securityfocus.com/archive/1/285740"},{"name":"20020731 Remote Buffer Overflow Vulnerability in Sun RPC","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=102813809232532&w=2"},{"name":"20020801 RPC analysis","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=102821785316087&w=2"},{"name":"VU#192995","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/192995"},{"name":"RHSA-2002:172","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2002-172.html"},{"name":"oval:org.mitre.oval:def:4728","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728"},{"name":"oval:org.mitre.oval:def:42","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42"},{"name":"ESA-20021003-021","refsource":"ENGARDE","url":"http://www.linuxsecurity.com/advisories/other_advisory-2399.html"},{"name":"oval:org.mitre.oval:def:9","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9"},{"name":"MDKSA-2002:057","refsource":"MANDRAKE","url":"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057"},{"name":"DSA-149","refsource":"DEBIAN","url":"http://www.debian.org/security/2002/dsa-149"},{"name":"20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=102831443208382&w=2"},{"name":"DSA-333","refsource":"DEBIAN","url":"http://www.debian.org/security/2003/dsa-333"},{"name":"RHSA-2003:168","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2003-168.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-08T02:49:28.492Z"},"title":"CVE Program Container","references":[{"name":"sunrpc-xdr-array-bo(9170)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/9170.php"},{"name":"20020801-01-A","tags":["vendor-advisory","x_refsource_SGI","x_transferred"],"url":"ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A"},{"name":"CA-2002-25","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.cert.org/advisories/CA-2002-25.html"},{"name":"HPSBTL0208-061","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://online.securityfocus.com/advisories/4402"},{"name":"20020909 GLSA: glibc","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=103158632831416&w=2"},{"name":"DSA-146","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2002/dsa-146"},{"name":"RHSA-2002:166","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2002-166.html"},{"name":"HPSBUX0209-215","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://archives.neohapsis.com/archives/hp/2002-q3/0077.html"},{"name":"CSSA-2002-055.0","tags":["vendor-advisory","x_refsource_CALDERA","x_transferred"],"url":"ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt"},{"name":"DSA-143","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2002/dsa-143"},{"name":"20020731 Remote Buffer Overflow Vulnerability in Sun RPC","tags":["third-party-advisory","x_refsource_ISS","x_transferred"],"url":"http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823"},{"name":"20020801-01-P","tags":["vendor-advisory","x_refsource_SGI","x_transferred"],"url":"ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P"},{"name":"CLA-2002:515","tags":["vendor-advisory","x_refsource_CONECTIVA","x_transferred"],"url":"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515"},{"name":"CLA-2002:535","tags":["vendor-advisory","x_refsource_CONECTIVA","x_transferred"],"url":"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535"},{"name":"RHSA-2003:212","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2003-212.html"},{"name":"MS02-057","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057"},{"name":"DSA-142","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2002/dsa-142"},{"name":"NetBSD-SA2002-011","tags":["vendor-advisory","x_refsource_NETBSD","x_transferred"],"url":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc"},{"name":"IY34194","tags":["vendor-advisory","x_refsource_AIXAPAR","x_transferred"],"url":"http://archives.neohapsis.com/archives/aix/2002-q4/0002.html"},{"name":"RHSA-2002:167","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2002-167.html"},{"name":"20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html"},{"name":"FreeBSD-SA-02:34.rpc","tags":["vendor-advisory","x_refsource_FREEBSD","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=102821928418261&w=2"},{"name":"RHSA-2002:173","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2002-173.html"},{"name":"5356","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/5356"},{"name":"20020802 kerberos rpc xdr_array","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://online.securityfocus.com/archive/1/285740"},{"name":"20020731 Remote Buffer Overflow Vulnerability in Sun RPC","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=102813809232532&w=2"},{"name":"20020801 RPC analysis","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=102821785316087&w=2"},{"name":"VU#192995","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/192995"},{"name":"RHSA-2002:172","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2002-172.html"},{"name":"oval:org.mitre.oval:def:4728","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728"},{"name":"oval:org.mitre.oval:def:42","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42"},{"name":"ESA-20021003-021","tags":["vendor-advisory","x_refsource_ENGARDE","x_transferred"],"url":"http://www.linuxsecurity.com/advisories/other_advisory-2399.html"},{"name":"oval:org.mitre.oval:def:9","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9"},{"name":"MDKSA-2002:057","tags":["vendor-advisory","x_refsource_MANDRAKE","x_transferred"],"url":"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057"},{"name":"DSA-149","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2002/dsa-149"},{"name":"20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=102831443208382&w=2"},{"name":"DSA-333","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2003/dsa-333"},{"name":"RHSA-2003:168","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2003-168.html"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-190","lang":"en","description":"CWE-190 Integer Overflow or Wraparound"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-02-08T19:26:07.645774Z","id":"CVE-2002-0391","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-16T17:20:45.514Z"}}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-0391","datePublished":"2003-04-02T05:00:00.000Z","dateReserved":"2002-05-28T00:00:00.000Z","dateUpdated":"2025-01-16T17:20:45.514Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}