CVE-2008-1677

2008-05-1216:20:00

CWE-120

[email protected]

web.nvd.nist.gov

red hat directory server

buffer overflow

cve-2008-1677

denial of service

arbitrary code execution

7.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.063 Low

EPSS

Percentile

93.6%

JSON

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.

Affected configurations

NVD

Node

redhatdirectory_serverMatch7.1sp1

redhatdirectory_serverMatch7.1sp2

redhatdirectory_serverMatch7.1sp3

redhatdirectory_serverMatch7.1sp4

redhatdirectory_serverMatch7.1sp5

redhatdirectory_serverMatch8.0

redhatfedora_directory_serverMatch1.1

CPENameOperatorVersion
redhat:directory_serverredhat directory servereq7.1
redhat:directory_serverredhat directory servereq8.0
redhat:fedora_directory_serverredhat fedora directory servereq1.1

CPE	Name	Operator	Version
redhat:directory_server	redhat directory server	eq	7.1
redhat:directory_server	redhat directory server	eq	8.0
redhat:fedora_directory_server	redhat fedora directory server	eq	1.1