CVE-2008-5038

9.8 CRITICAL
Published: November 12, 2008 Modified: April 23, 2026
View on NVD

Description

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748
Source: cve@mitre.org
Broken Link
http://osvdb.org/48206
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/32395
Source: cve@mitre.org
Broken Link Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
Source: cve@mitre.org
Broken Link Patch Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
Source: cve@mitre.org
Broken Link Patch
http://www.novell.com/support/viewContent.do?externalId=3426981
Source: cve@mitre.org
Broken Link
http://www.securityfocus.com/bid/31956
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021117
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2937
Source: cve@mitre.org
Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://osvdb.org/48206
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/32395
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://www.novell.com/support/viewContent.do?externalId=3426981
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/31956
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021117
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2937
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

20 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
20.4%
96th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-416

Affected Vendors

novell

Related CVEs

CVE-2026-41044 N/A
CVE-2026-41043 N/A
CVE-2026-40466 N/A
CVE-2025-62233 N/A
CVE-2026-6272 N/A