CVE-2008-0027
Cisco Unified Communications Manager 4.0-4.2 - Heap-Based Buffer Overflow in CTL Provider Service
Title source: llmDescription
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486432/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0171
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3551
Patch vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml
Vendor Advisory x_refsource_misc
http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39704
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019223
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27313
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28530
Scores
EPSS
0.5711
EPSS Percentile
99.0%
Details
CWE
CWE-119
Status
published
Products (9)
cisco/unified_callmanager
4.0
cisco/unified_callmanager
4.1
cisco/unified_callmanager
4.1\(3\)sr4
cisco/unified_callmanager
4.1\(3\)sr5
cisco/unified_callmanager
4.1\(3\)sr5b
cisco/unified_communications_manager
4.2
cisco/unified_communications_manager
4.2.3sr2
cisco/unified_communications_manager
4.2.3sr2b
cisco/unified_communications_manager
4.3
Published
Jan 17, 2008
Tracked Since
Feb 18, 2026