CVE-2003-0465

Linux <2.6 - Info Disclosure

Title source: llm

Description

The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.

References (4)

[Mailing List] http://marc.info/?l=linux-kernel&m=105796415223490&w=2

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2004-188.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285

[Mailing List] http://marc.info/?l=linux-kernel&m=105796021120436&w=2

Scores

EPSS 0.0047

EPSS Percentile 64.3%

Classification

Status draft

Affected Products (2)

linux/linux_kernel

Timeline

Published Aug 18, 2003

Tracked Since Feb 18, 2026