CVE-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Published: 2003-10-06 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2003-0694 is rated High Risk (75/100): CVSS Critical severity, with high exploitation likelihood (EPSS 76.08%, 99th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2003-0694

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-05-23 75.67% 76.08% +0.41%
2 2025-03-30 76.15% 75.67% -0.48%
3 2025-03-29 76.15%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2003-0694

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2003-0694

OS Trackers for CVE-2003-0694

vendor priority summary link
debian not yet assigned CVE-2003-0694 not yet assigned priority: Debian including 1 source packages (sendmail), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2003-0694
redhat critical https://access.redhat.com/security/cve/CVE-2003-0694
ubuntu medium CVE-2003-0694 medium priority: Ubuntu including 1 source packages (sendmail), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): released 3, needs-triage 1. https://ubuntu.com/security/CVE-2003-0694

Affected software / configurations for CVE-2003-0694

Vendor Product Version Raw CPE
sendmail advanced_message_server 1.2 cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*
sendmail advanced_message_server 1.3 cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*
sendmail sendmail 2.6 cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*
sendmail sendmail 2.6.1 cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*
sendmail sendmail 2.6.2 cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*
sendmail sendmail 3.0 cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*
sendmail sendmail 3.0.1 cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*
sendmail sendmail 3.0.2 cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*
sendmail sendmail 3.0.3 cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*
sendmail sendmail 8.8.8 cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
sendmail sendmail 8.9.0 cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
sendmail sendmail 8.9.1 cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
sendmail sendmail 8.9.2 cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
sendmail sendmail 8.9.3 cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
sendmail sendmail 8.10 cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
sendmail sendmail 8.10.1 cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
sendmail sendmail 8.10.2 cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
sendmail sendmail 8.11.0 cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
sendmail sendmail 8.11.1 cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
sendmail sendmail 8.11.2 cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
sendmail sendmail 8.11.3 cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
sendmail sendmail 8.11.4 cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
sendmail sendmail 8.11.5 cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
sendmail sendmail 8.11.6 cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
sendmail sendmail 8.12 cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
sendmail sendmail 8.12 cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
sendmail sendmail 8.12 cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
sendmail sendmail 8.12 cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
sendmail sendmail 8.12 cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
sendmail sendmail 8.12.0 cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
sendmail sendmail 8.12.1 cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
sendmail sendmail 8.12.2 cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
sendmail sendmail 8.12.3 cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
sendmail sendmail 8.12.4 cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
sendmail sendmail 8.12.5 cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
sendmail sendmail 8.12.6 cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
sendmail sendmail 8.12.7 cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
sendmail sendmail 8.12.8 cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
sendmail sendmail 8.12.9 cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*
sendmail sendmail_pro 8.9.2 cpe:2.3:a:sendmail:sendmail_pro:8.9.2:*:*:*:*:*:*:*
sendmail sendmail_pro 8.9.3 cpe:2.3:a:sendmail:sendmail_pro:8.9.3:*:*:*:*:*:*:*
sendmail sendmail_switch 2.1 cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*
sendmail sendmail_switch 2.1.1 cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*
sendmail sendmail_switch 2.1.2 cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*
sendmail sendmail_switch 2.1.3 cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*
sendmail sendmail_switch 2.1.4 cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*
sendmail sendmail_switch 2.1.5 cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*
sendmail sendmail_switch 2.2 cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*
sendmail sendmail_switch 2.2.1 cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*
sendmail sendmail_switch 2.2.2 cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*
sendmail sendmail_switch 2.2.3 cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*
sendmail sendmail_switch 2.2.4 cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*
sendmail sendmail_switch 2.2.5 cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*
sendmail sendmail_switch 3.0 cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*
sendmail sendmail_switch 3.0.1 cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*
sendmail sendmail_switch 3.0.2 cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*
sendmail sendmail_switch 3.0.3 cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*
sgi irix 6.5.15 cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*
sgi irix 6.5.16 cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*
sgi irix 6.5.17f cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*
sgi irix 6.5.17m cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*
sgi irix 6.5.18f cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*
sgi irix 6.5.18m cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*
sgi irix 6.5.19f cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*
sgi irix 6.5.19m cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*
sgi irix 6.5.20f cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*
sgi irix 6.5.20m cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*
sgi irix 6.5.21f cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*
sgi irix 6.5.21m cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*
apple mac_os_x 10.2 cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
apple mac_os_x 10.2.1 cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
apple mac_os_x 10.2.2 cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
apple mac_os_x 10.2.3 cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
apple mac_os_x 10.2.4 cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
apple mac_os_x 10.2.5 cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
apple mac_os_x 10.2.6 cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
apple mac_os_x_server 10.2 cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
apple mac_os_x_server 10.2.1 cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*
apple mac_os_x_server 10.2.2 cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*
apple mac_os_x_server 10.2.3 cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*

References for CVE-2003-0694

URL Tags
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742
http://marc.info/?l=bugtraq&m=106381604923204&w=2
http://marc.info/?l=bugtraq&m=106382859407683&w=2
http://marc.info/?l=bugtraq&m=106383437615742&w=2
http://marc.info/?l=bugtraq&m=106398718909274&w=2
http://www.cert.org/advisories/CA-2003-25.html Patch Third Party Advisory US Government Resource
http://www.debian.org/security/2003/dsa-384
http://www.kb.cert.org/vuls/id/784980 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2003:092
http://www.redhat.com/support/errata/RHSA-2003-283.html
http://www.redhat.com/support/errata/RHSA-2003-284.html
http://www.sendmail.org/8.12.10.html Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603
cvelogic Threat Intelligence