Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-0391

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Published

2002-08-12T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-190
  • Type: Secondary
    CWE-190
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System freebsd freebsd ≤ 4.6.1 Yes
Operating System openbsd openbsd 3.1 Yes
Operating System sun solaris 2.6 Yes
Operating System sun solaris 9.0 Yes
Operating System sun sunos 5.5.1 Yes
Operating System sun sunos 5.7 Yes
Operating System sun sunos 5.8 Yes
Operating System microsoft windows_2000 - Yes
Operating System microsoft windows_nt 4.0 Yes
Operating System microsoft windows_xp - Yes
References