CVE-2009-0895

CWE-1893 documents3 sources
Severity
10.0CRITICAL
EPSS
26.2%
top 3.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Edirectory
Timeline
PublishedDec 3
Latest updateMay 2

Description

Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDnovell/edirectory8 versions+7

Patches

Patch: www.novell.comPatch: www.vupen.comPatch: www.novell.com

🔴Vulnerability Details

2
GHSA
GHSA-48fp-j3fc-gqvx: Integer overflow in Novell eDirectory 82022-05-02
CVEList
CVE-2009-0895: Integer overflow in Novell eDirectory 82009-12-03
CVE-2009-0895 (CRITICAL CVSS 10) | Integer overflow in Novell eDirecto | cvebase.io