CVE-2008-0027

Cisco Unified Communications Manager 4.0-4.2 - Heap-Based Buffer Overflow in CTL Provider Service

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486432/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0171
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3551
Vendor Advisory x_refsource_misc
http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39704
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019223
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27313
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28530

Scores

EPSS 0.5711
EPSS Percentile 99.0%

Details

CWE
CWE-119
Status published
Products (9)
cisco/unified_callmanager 4.0
cisco/unified_callmanager 4.1
cisco/unified_callmanager 4.1\(3\)sr4
cisco/unified_callmanager 4.1\(3\)sr5
cisco/unified_callmanager 4.1\(3\)sr5b
cisco/unified_communications_manager 4.2
cisco/unified_communications_manager 4.2.3sr2
cisco/unified_communications_manager 4.2.3sr2b
cisco/unified_communications_manager 4.3
Published Jan 17, 2008
Tracked Since Feb 18, 2026