CVE-2002-0391

Name: CVE-2002-0391
Description: Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-142, DSA-143, DSA-146, DSA-149, DSA-333

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| acm (PTS) | jessie | 5.0-29 | fixed |
| | stretch | 5.0-29.1 | fixed |
| | buster | 5.0-29.2 | fixed |
| | bullseye | 6.0+20200416-1 | fixed |
| | bookworm | 6.0+20200416-1.1 | fixed |
| | sid, trixie | 6.0+20200416-1.2 | fixed |
| dietlibc (PTS) | jessie | 0.33~cvs20120325-6+deb8u1 | fixed |
| | stretch | 0.34~cvs20160606-6 | fixed |
| | buster | 0.34~cvs20160606-10 | fixed |
| | bullseye | 0.34~cvs20160606-12 | fixed |
| | bookworm | 0.34~cvs20160606-14 | fixed |
| | sid, trixie | 0.34~cvs20160606-18 | fixed |
| glibc (PTS) | jessie, jessie (lts) | 2.19-18+deb8u14 | fixed |
| | stretch (security) | 2.24-11+deb9u1 | fixed |
| | stretch (lts), stretch | 2.24-11+deb9u7 | fixed |
| | buster (security), buster, buster (lts) | 2.28-10+deb10u4 | fixed |
| | bullseye | 2.31-13+deb11u11 | fixed |
| | bullseye (security) | 2.31-13+deb11u10 | fixed |
| | bookworm | 2.36-9+deb12u9 | fixed |
| | bookworm (security) | 2.36-9+deb12u7 | fixed |
| | sid, trixie | 2.40-3 | fixed |
| krb5 (PTS) | jessie, jessie (lts) | 1.12.1+dfsg-19+deb8u9 | fixed |
| | stretch (security) | 1.15-1+deb9u3 | fixed |
| | stretch (lts), stretch | 1.15-1+deb9u6 | fixed |
| | buster, buster (lts) | 1.17-3+deb10u7 | fixed |
| | buster (security) | 1.17-3+deb10u6 | fixed |
| | bullseye (security), bullseye | 1.18.3-6+deb11u5 | fixed |
| | bookworm (security), bookworm | 1.20.1-2+deb12u2 | fixed |
| | sid, trixie | 1.21.3-3 | fixed |
| openafs (PTS) | jessie, jessie (lts) | 1.6.9-2+deb8u9 | fixed |
| | stretch (security), stretch (lts), stretch | 1.6.20-2+deb9u2 | fixed |
| | buster | 1.8.2-1+deb10u1 | fixed |
| | bullseye | 1.8.6-5 | fixed |
| | bookworm | 1.8.9-1 | fixed |
| | sid | 1.8.13-1 | fixed |

The information below is based on the following data on fixed versions.

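| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| acm | source | woody | 5.0-3.woody.1 | | DSA-333 | |
| acm | source | (unstable) | 5.0-10 | | | |
| dietlibc | source | woody | 0.12-2.4 | | DSA-146 | |
| dietlibc | source | (unstable) | 0.20-0cvs20020808 | | | |
| glibc | source | woody | 2.2.5-11.1 | | DSA-149 | |
| glibc | source | (unstable) | 2.2.5-13 | | | |
| krb5 | source | woody | 1.2.4-5woody1 | | DSA-143 | |
| krb5 | source | (unstable) | 1.2.5-2 | | | |
| openafs | source | woody | 1.2.3final2-6 | | DSA-142 | |
| openafs | source | (unstable) | 1.2.6-1 | | | |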
