CVE-2008-2541

CWE-119 — Buffer Overflow3 documents3 sources

Severity

10.0CRITICAL

EPSS

20.0%

top 4.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CA Etrust Secure Content Manager

Timeline

PublishedJun 4

Latest updateMay 1

Description

Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDca/etrust_secure_content_manager8.0

Patches

Patch: support.ca.com ↗Patch: support.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-gp4c-c4g6-6cqf: Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp↗2022-05-01

▶

CVEList

CVE-2008-2541: Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp↗2008-06-04

▶