CyberSec.Space Logo
Back to CVE Browser

CVE-2003-0453

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0790%
EPSS Percentile4.40th
PublishedAug 7, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow.

Affected Platforms (CPE)

πŸ“¦
Ehud Gavron

Traceroute Nanog

= 6.1.1

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=105613905425563&w=2
πŸ”— http://www.debian.org/security/2003/dsa-348
πŸ”— http://marc.info/?l=bugtraq&m=105613905425563&w=2
πŸ”— http://www.debian.org/security/2003/dsa-348

Related Vulnerabilities

CVE-2002-13647.2

Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses...

CVE-2002-10514.6

Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T...

CVE-2002-13864.6

Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argume...

CVE-2002-13874.6

The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array ...