CVE-2008-5038
CRITICALNovell eDirectory < 8.7.3 SP10 FTF1 - Use-After-Free via NCP Extension Information Request
Title source: llmDescription
Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.
References (10)
Core 10
Core References
Broken Link x_refsource_confirm
http://www.novell.com/support/viewContent.do?externalId=3426981
Broken Link third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748
Broken Link, Patch x_refsource_confirm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32395
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31956
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/48206
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021117
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
Broken Link, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2937
Scores
CVSS v3
9.8
EPSS
0.2044
EPSS Percentile
95.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (3)
novell/edirectory
8.7.3 sp1 (9 CPE variants)
novell/edirectory
8.8
novell/edirectory
< 8.7.3
Published
Nov 12, 2008
Tracked Since
Feb 18, 2026