CVE-2008-5038

CWE-416Use After Free3 documents3 sources
Severity
9.8CRITICAL
EPSS
20.4%
top 4.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Edirectory
Timeline
PublishedNov 12
Latest updateMay 17

Description

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDnovell/edirectory< 8.7.3+2

Patches

Patch: support.novell.comPatch: support.novell.comPatch: support.novell.com

🔴Vulnerability Details

2
GHSA
GHSA-w3mr-x868-44rj: Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 82022-05-17
CVEList
CVE-2008-5038: Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 82008-11-12
CVE-2008-5038 (CRITICAL CVSS 9.8) | Use-after-free vulnerability in the | cvebase.io