CVE-2008-4479 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Edirectory

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

29.2%

top 3.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Edirectory

Timeline

PublishedOct 14

Latest updateMay 2

Description

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/edirectory8.7.3 — 8.7.3.10+1

Patches

Patch: support.novell.com ↗Patch: support.novell.com ↗Patch: support.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-3rxw-g5h2-cm9q: Heap-based buffer overflow in dhost↗2022-05-02

▶

CVEList

CVE-2008-4479: Heap-based buffer overflow in dhost↗2008-10-14

▶