Fluid Attacks Database

Description

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	sendmail	>=0 <8.13.0.prealpha4-0	8.13.0.prealpha4-0
debian 13	sendmail	>=0 <8.13.0.prealpha4-0	8.13.0.prealpha4-0
debian 12	sendmail	>=0 <8.13.0.prealpha4-0	8.13.0.prealpha4-0
debian 14	sendmail	>=0 <8.13.0.prealpha4-0	8.13.0.prealpha4-0

Aliases

1. CVE-2002-13372. NVD-2002-13373. OSV-DEBIAN-2002-13374. OSV-2002-13375. SECURITY-TRACKER-CVE-2002-1337

References

1. https://www.exploit-db.com/exploits/4112. https://www.exploit-db.com/exploits/223133. https://www.exploit-db.com/exploits/22314

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.