Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2240Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Lotus Domino

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
84.2%
top 0.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Lotus Domino
Timeline
PublishedMay 22
Latest updateMay 1

Description

Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDibm/lotus_domino5 versions+4

Patches

Patch: www-1.ibm.comPatch: www.mwrinfosecurity.comPatch: www-1.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-p4g3-m75g-v8cw: Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 72022-05-01
CVEList
CVE-2008-2240: Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 72008-05-22

💥Exploits & PoCs

1
Exploit-DB
IBM Lotus Domino Web Server - Accept-Language Stack Buffer Overflow (Metasploit)2010-11-11
CVE-2008-2240 — IBM Lotus Domino vulnerability | cvebase