CVE-2008-0027 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Unified Callmanager

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

35.5%

top 2.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Callmanager Cisco Unified Communications Manager

Timeline

PublishedJan 17

Latest updateMay 1

Description

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDcisco/unified_callmanager5 versions+4

▶NVDcisco/unified_communications_manager4 versions+3

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-fr76-mw78-4mfw: Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider↗2022-05-01

▶

CVEList

CVE-2008-0027: Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider↗2008-01-17

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager CTL Provider Heap Overflow↗2008-01-16

▶