Description
Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jonas Frey · textdosunix
https://www.exploit-db.com/exploits/21345
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/262213
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4295
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8458.php
Various Sources x_refsource_confirm
ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper4.0.4.tar.gz
Scores
EPSS
0.0548
EPSS Percentile
90.3%
Details
Status
published
Products (4)
qualcomm/qpopper
4.0
qualcomm/qpopper
4.0.1
qualcomm/qpopper
4.0.2
qualcomm/qpopper
4.0.3
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026