CVE-2008-5092

Novell eDirectory < 8.8 SP3 - Heap-Based Buffer Overflow via HTTP Header Parsing

Title source: llm

Description

Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-length header.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30947

Vendor Advisory x_refsource_confirm

http://www.novell.com/support/viewContent.do?externalId=3426981

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1020786

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2462

Scores

EPSS 0.0040

EPSS Percentile 60.8%

Details

CWE

CWE-119

Status published

Products (17)

novell/edirectory 8.0

novell/edirectory 8.5

novell/edirectory 8.5.12a

novell/edirectory 8.5.27

novell/edirectory 8.6.2

novell/edirectory 8.7

novell/edirectory 8.7.1 (2 CPE variants)

novell/edirectory 8.7.3 (10 CPE variants)

novell/edirectory 8.7.3.8

novell/edirectory 8.7.3.8_presp9

... and 7 more

Published Nov 14, 2008

Tracked Since Feb 18, 2026