CVE-2008-1677 — Classic Buffer Overflow in Redhat Directory Server

CWE-120 — Classic Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.6%

top 14.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Directory Server Redhat Fedora Directory Server

Timeline

PublishedMay 12

Latest updateMay 1

Description

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDredhat/directory_server7.1, 8.0+1

▶NVDredhat/fedora_directory_server1.1

🔴Vulnerability Details

GHSA

GHSA-qjcg-h2hw-4c86: Buffer overflow in the regular expression handler in Red Hat Directory Server 8↗2022-05-01

▶

CVEList

CVE-2008-1677: Buffer overflow in the regular expression handler in Red Hat Directory Server 8↗2008-05-12

▶

📋Vendor Advisories

Red Hat

Server: insufficient buffer size for search patterns↗2006-02-23

▶

💬Community

Bugzilla

CVE-2008-1677 Directory Server: insufficient buffer size for search patterns↗2008-04-30

▶