CVE-2008-4480 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Edirectory

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

24.1%

top 3.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Edirectory

Timeline

PublishedOct 14

Latest updateMay 2

Description

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/edirectory8.7.3 — 8.7.3.10+1

Patches

Patch: support.novell.com ↗Patch: support.novell.com ↗Patch: support.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-c5hm-4q3r-f846: Heap-based buffer overflow in dhost↗2022-05-02

▶

CVEList

CVE-2008-4480: Heap-based buffer overflow in dhost↗2008-10-14

▶