CVE-2003-0721
Pine < 4.58 - Remote Code Execution via Negative Array Index in rfc2231_get_param
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.
References (7)
http://www.redhat.com/support/errata/RHSA-2003-274.html (Broken Link; vendor-advisory; x_refsource_redhat)
http://marc.info/?l=bugtraq&m=106329356702508&w=2 (Third Party Advisory; mailing-list; x_refsource_bugtraq)
http://marc.info/?l=bugtraq&m=106367213400313&w=2 (Third Party Advisory; mailing-list; x_refsource_bugtraq)
http://www.redhat.com/support/errata/RHSA-2003-273.html (Broken Link, Patch, Vendor Advisory; vendor-advisory; x_refsource_redhat)
http://www.idefense.com/advisory/09.10.03.txt (Broken Link, Exploit, Patch, Vendor Advisory; third-party-advisory; x_refsource_idefense)
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html (Broken Link; mailing-list; x_refsource_fulldisc)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503 (Broken Link; vdb-entry; signature; x_refsource_oval)
Scores
EPSS: 0.0386
EPSS Percentile: 88.8%
Details
CWE: CWE-129
Status: published
Products (1): washington/pine < 4.58
Published: Sep 17, 2003
Tracked Since: Feb 18, 2026