CVE-2006-2304 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Client

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

9.3%

top 7.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Client

Timeline

PublishedMay 11

Latest updateMay 1

Description

Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/client4.83, 4.90, 4.91+2

Patches

Patch: securitytracker.com ↗Patch: support.novell.com ↗Patch: www.hustlelabs.com ↗

🔴Vulnerability Details

GHSA

GHSA-jc5c-c7jm-fw7h: Multiple integer overflows in the DPRPC library (DPRPCW32↗2022-05-01

▶

CVEList

CVE-2006-2304: Multiple integer overflows in the DPRPC library (DPRPCW32↗2006-05-11

▶