CVE-2008-1677

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
redhatdirectory_server
7.1:sp1
redhatdirectory_server
7.1:sp2
redhatdirectory_server
7.1:sp3
redhatdirectory_server
7.1:sp4
redhatdirectory_server
7.1:sp5
redhatdirectory_server
8.0
redhatfedora_directory_server
1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/30181
http://secunia.com/advisories/30185
http://www.redhat.com/support/errata/RHSA-2008-0268.html
http://www.redhat.com/support/errata/RHSA-2008-0269.html
http://www.securityfocus.com/bid/29126
http://www.securitytracker.com/id?1020001
https://bugzilla.redhat.com/show_bug.cgi?id=444712
https://exchange.xforce.ibmcloud.com/vulnerabilities/42332
http://secunia.com/advisories/30181
http://secunia.com/advisories/30185
http://www.redhat.com/support/errata/RHSA-2008-0268.html
http://www.redhat.com/support/errata/RHSA-2008-0269.html
http://www.securityfocus.com/bid/29126
http://www.securitytracker.com/id?1020001
https://bugzilla.redhat.com/show_bug.cgi?id=444712
https://exchange.xforce.ibmcloud.com/vulnerabilities/42332