Description
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
References (8)
Core References
http://www.securityfocus.com/bid/29126 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://www.securitytracker.com/id?1020001 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack)
http://www.redhat.com/support/errata/RHSA-2008-0268.html (Third Party Advisory; vendor-advisory; x_refsource_redhat)
https://bugzilla.redhat.com/show_bug.cgi?id=444712 (Issue Tracking, Third Party Advisory; x_refsource_misc)
http://secunia.com/advisories/30185 (Broken Link; third-party-advisory; x_refsource_secunia)
http://secunia.com/advisories/30181 (Broken Link; third-party-advisory; x_refsource_secunia)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42332 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
http://www.redhat.com/support/errata/RHSA-2008-0269.html (Third Party Advisory; vendor-advisory; x_refsource_redhat)
Scores
EPSS: 0.0262
EPSS Percentile: 85.7%
Details
CWE: CWE-120
Status: published
Products (3)
redhat/directory_server: 7.1 sp1 (5 CPE variants)
redhat/directory_server: 8.0
redhat/fedora_directory_server: 1.1
Published: May 12, 2008
Tracked Since: Feb 18, 2026