CVE-2008-2928

CWE-119 — Buffer Overflow CWE-2285 documents5 sources

Severity

10.0CRITICAL

EPSS

19.1%

top 4.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Directory Server

Timeline

PublishedAug 29

Latest updateMay 1

Description

Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDredhat/directory_server7.1

Patches

Patch: www.securityfocus.com ↗Patch: rhn.redhat.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fprm-74q4-pj4w: Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7↗2022-05-01

▶

CVEList

CVE-2008-2928: Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7↗2008-08-29

▶

📋Vendor Advisories

Red Hat

Server: CGI accept language buffer overflow↗2007-12-06

▶

💬Community

Bugzilla

CVE-2008-2928 Directory Server: CGI accept language buffer overflow↗2008-07-03

▶