CVE-2003-0161 [Critical] | Denial of Service in Sendmail

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

EDB-ID	Source	Kind	Published	Link
24	exploit_db	edb	2003-04-30	Exploit-DB ↗
22442	exploit_db	edb	2003-03-29	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

exploit_db

edb

2003-04-30

Exploit-DB ↗

22442

exploit_db

edb

2003-03-29

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-28	65.76%	67.90%	+2.14%
2	2025-12-27	67.90%	65.76%	-2.14%
3	2025-12-10	—	67.90%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-12-28

65.76%

67.90%

+2.14%

2025-12-27

67.90%

65.76%

-2.14%

2025-12-10

—

67.90%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

10.0

2.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

10.0

[email protected]

OS Trackers for CVE-2003-0161

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2003-0161 not yet assigned priority: Debian including 1 source packages (sendmail), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2003-0161
`redhat`	critical	—	https://access.redhat.com/security/cve/CVE-2003-0161

Affected software / configurations for CVE-2003-0161

Vendor	Product	Version	Raw CPE
sendmail	sendmail	2.6	cpe:2.3:a:sendmail:sendmail:2.6:::::::*
sendmail	sendmail	2.6.1	cpe:2.3:a:sendmail:sendmail:2.6.1:::::::*
sendmail	sendmail	2.6.2	cpe:2.3:a:sendmail:sendmail:2.6.2:::::::*
sendmail	sendmail	3.0	cpe:2.3:a:sendmail:sendmail:3.0:::::::*
sendmail	sendmail	3.0.1	cpe:2.3:a:sendmail:sendmail:3.0.1:::::::*
sendmail	sendmail	3.0.2	cpe:2.3:a:sendmail:sendmail:3.0.2:::::::*
sendmail	sendmail	3.0.3	cpe:2.3:a:sendmail:sendmail:3.0.3:::::::*
sendmail	sendmail	8.9.0	cpe:2.3:a:sendmail:sendmail:8.9.0:::::::*
sendmail	sendmail	8.9.1	cpe:2.3:a:sendmail:sendmail:8.9.1:::::::*
sendmail	sendmail	8.9.2	cpe:2.3:a:sendmail:sendmail:8.9.2:::::::*
sendmail	sendmail	8.9.3	cpe:2.3:a:sendmail:sendmail:8.9.3:::::::*
sendmail	sendmail	8.10	cpe:2.3:a:sendmail:sendmail:8.10:::::::*
sendmail	sendmail	8.10.1	cpe:2.3:a:sendmail:sendmail:8.10.1:::::::*
sendmail	sendmail	8.10.2	cpe:2.3:a:sendmail:sendmail:8.10.2:::::::*
sendmail	sendmail	8.11.0	cpe:2.3:a:sendmail:sendmail:8.11.0:::::::*
sendmail	sendmail	8.11.1	cpe:2.3:a:sendmail:sendmail:8.11.1:::::::*
sendmail	sendmail	8.11.2	cpe:2.3:a:sendmail:sendmail:8.11.2:::::::*
sendmail	sendmail	8.11.3	cpe:2.3:a:sendmail:sendmail:8.11.3:::::::*
sendmail	sendmail	8.11.4	cpe:2.3:a:sendmail:sendmail:8.11.4:::::::*
sendmail	sendmail	8.11.5	cpe:2.3:a:sendmail:sendmail:8.11.5:::::::*
sendmail	sendmail	8.11.6	cpe:2.3:a:sendmail:sendmail:8.11.6:::::::*
sendmail	sendmail	8.12	cpe:2.3:a:sendmail:sendmail:8.12:beta10::::::
sendmail	sendmail	8.12	cpe:2.3:a:sendmail:sendmail:8.12:beta12::::::
sendmail	sendmail	8.12	cpe:2.3:a:sendmail:sendmail:8.12:beta16::::::
sendmail	sendmail	8.12	cpe:2.3:a:sendmail:sendmail:8.12:beta5::::::
sendmail	sendmail	8.12	cpe:2.3:a:sendmail:sendmail:8.12:beta7::::::
sendmail	sendmail	8.12.0	cpe:2.3:a:sendmail:sendmail:8.12.0:::::::*
sendmail	sendmail	8.12.1	cpe:2.3:a:sendmail:sendmail:8.12.1:::::::*
sendmail	sendmail	8.12.2	cpe:2.3:a:sendmail:sendmail:8.12.2:::::::*
sendmail	sendmail	8.12.3	cpe:2.3:a:sendmail:sendmail:8.12.3:::::::*
sendmail	sendmail	8.12.4	cpe:2.3:a:sendmail:sendmail:8.12.4:::::::*
sendmail	sendmail	8.12.5	cpe:2.3:a:sendmail:sendmail:8.12.5:::::::*
sendmail	sendmail	8.12.6	cpe:2.3:a:sendmail:sendmail:8.12.6:::::::*
sendmail	sendmail	8.12.7	cpe:2.3:a:sendmail:sendmail:8.12.7:::::::*
sendmail	sendmail	8.12.8	cpe:2.3:a:sendmail:sendmail:8.12.8:::::::*
sendmail	sendmail_switch	2.1	cpe:2.3:a:sendmail:sendmail_switch:2.1:::::::*
sendmail	sendmail_switch	2.1.1	cpe:2.3:a:sendmail:sendmail_switch:2.1.1:::::::*
sendmail	sendmail_switch	2.1.2	cpe:2.3:a:sendmail:sendmail_switch:2.1.2:::::::*
sendmail	sendmail_switch	2.1.3	cpe:2.3:a:sendmail:sendmail_switch:2.1.3:::::::*
sendmail	sendmail_switch	2.1.4	cpe:2.3:a:sendmail:sendmail_switch:2.1.4:::::::*
sendmail	sendmail_switch	2.1.5	cpe:2.3:a:sendmail:sendmail_switch:2.1.5:::::::*
sendmail	sendmail_switch	2.2	cpe:2.3:a:sendmail:sendmail_switch:2.2:::::::*
sendmail	sendmail_switch	2.2.1	cpe:2.3:a:sendmail:sendmail_switch:2.2.1:::::::*
sendmail	sendmail_switch	2.2.2	cpe:2.3:a:sendmail:sendmail_switch:2.2.2:::::::*
sendmail	sendmail_switch	2.2.3	cpe:2.3:a:sendmail:sendmail_switch:2.2.3:::::::*
sendmail	sendmail_switch	2.2.4	cpe:2.3:a:sendmail:sendmail_switch:2.2.4:::::::*
sendmail	sendmail_switch	2.2.5	cpe:2.3:a:sendmail:sendmail_switch:2.2.5:::::::*
sendmail	sendmail_switch	3.0	cpe:2.3:a:sendmail:sendmail_switch:3.0:::::::*
sendmail	sendmail_switch	3.0.1	cpe:2.3:a:sendmail:sendmail_switch:3.0.1:::::::*
sendmail	sendmail_switch	3.0.2	cpe:2.3:a:sendmail:sendmail_switch:3.0.2:::::::*
sendmail	sendmail_switch	3.0.3	cpe:2.3:a:sendmail:sendmail_switch:3.0.3:::::::*
compaq	tru64	4.0b	cpe:2.3:o:compaq:tru64:4.0b:::::::*
compaq	tru64	4.0d	cpe:2.3:o:compaq:tru64:4.0d:::::::*
compaq	tru64	4.0d_pk9_bl17	cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:::::::*
compaq	tru64	4.0f	cpe:2.3:o:compaq:tru64:4.0f:::::::*
compaq	tru64	4.0f_pk6_bl17	cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:::::::*
compaq	tru64	4.0f_pk7_bl18	cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:::::::*
compaq	tru64	4.0g	cpe:2.3:o:compaq:tru64:4.0g:::::::*
compaq	tru64	4.0g_pk3_bl17	cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:::::::*
compaq	tru64	5.0	cpe:2.3:o:compaq:tru64:5.0:::::::*
compaq	tru64	5.0_pk4_bl17	cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:::::::*
compaq	tru64	5.0_pk4_bl18	cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:::::::*
compaq	tru64	5.0a	cpe:2.3:o:compaq:tru64:5.0a:::::::*
compaq	tru64	5.0a_pk3_bl17	cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:::::::*
compaq	tru64	5.0f	cpe:2.3:o:compaq:tru64:5.0f:::::::*
compaq	tru64	5.1	cpe:2.3:o:compaq:tru64:5.1:::::::*
compaq	tru64	5.1_pk3_bl17	cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:::::::*
compaq	tru64	5.1_pk4_bl18	cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:::::::*
compaq	tru64	5.1_pk5_bl19	cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:::::::*
compaq	tru64	5.1_pk6_bl20	cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:::::::*
compaq	tru64	5.1a	cpe:2.3:o:compaq:tru64:5.1a:::::::*
compaq	tru64	5.1a_pk1_bl1	cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:::::::*
compaq	tru64	5.1a_pk2_bl2	cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:::::::*
compaq	tru64	5.1a_pk3_bl3	cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:::::::*
compaq	tru64	5.1b	cpe:2.3:o:compaq:tru64:5.1b:::::::*
compaq	tru64	5.1b_pk1_bl1	cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:::::::*
hp	hp-ux	10.00	cpe:2.3:o:hp:hp-ux:10.00:::::::*
hp	hp-ux	10.01	cpe:2.3:o:hp:hp-ux:10.01:::::::*
hp	hp-ux	10.08	cpe:2.3:o:hp:hp-ux:10.08:::::::*
hp	hp-ux	10.09	cpe:2.3:o:hp:hp-ux:10.09:::::::*

References for CVE-2003-0161

URL	Tags
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614
http://lists.apple.com/mhonarc/security-announce/msg00028.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html
http://marc.info/?l=bugtraq&m=104896621106790&w=2
http://marc.info/?l=bugtraq&m=104897487512238&w=2
http://marc.info/?l=bugtraq&m=104914999806315&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1
http://www.cert.org/advisories/CA-2003-12.html	Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-278
http://www.debian.org/security/2003/dsa-290
http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml
http://www.kb.cert.org/vuls/id/897604	US Government Resource
http://www.redhat.com/support/errata/RHSA-2003-120.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-121.html
http://www.securityfocus.com/archive/1/316961/30/25250/threaded
http://www.securityfocus.com/archive/1/317135/30/25220/threaded
http://www.securityfocus.com/archive/1/321997
http://www.securityfocus.com/bid/7230	Patch Vendor Advisory

URL

CVE-2003-0161

Public exploit references (Exploit-DB) for CVE-2003-0161

Exploit prediction scoring system (EPSS) score for CVE-2003-0161

Common vulnerability scoring system (CVSS) metrics for CVE-2003-0161

Weakness enumeration for CVE-2003-0161

OS Trackers for CVE-2003-0161

Affected software / configurations for CVE-2003-0161

References for CVE-2003-0161