CVE-2008-4478Improper Restriction of Operations within the Bounds of a Memory Buffer in Edirectory

CWE-1894 documents4 sources
Severity
10.0CRITICALNVD
EPSS
60.8%
top 1.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Edirectory
Timeline
PublishedOct 14
Latest updateMay 2

Description

Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDnovell/edirectory8.7.3.10+9

Patches

Patch: support.novell.comPatch: support.novell.comPatch: support.novell.com

🔴Vulnerability Details

2
GHSA
GHSA-p5jp-jvfr-m3m3: Multiple integer overflows in dhost2022-05-02
CVEList
CVE-2008-4478: Multiple integer overflows in dhost2008-10-14
CVE-2008-4478 — Novell Edirectory vulnerability | cvebase