CVE-2008-3283

Summary

CVE	CVE-2008-3283
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-08-29 18:41:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.

Risk And Classification

Primary CVSS: v2.0 7.8 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:C

Problem Types: CWE-399 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Fedora	Directory Server	1.1.1	All	All	All
Application	Redhat	Directory Server	7.1	sp1	All	All
Application	Redhat	Directory Server	7.1	sp2	All	All
Application	Redhat	Directory Server	7.1	sp3	All	All
Application	Redhat	Directory Server	7.1	sp4	All	All
Application	Redhat	Directory Server	7.1	sp5	All	All
Application	Redhat	Directory Server	7.1	sp6	All	All
Application	Redhat	Directory Server	8.0	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Fedora Directory Server Denial of Service Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Release Notes	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Patch
[SECURITY] Fedora 8 Update: fedora-ds-base-1.1.2-1.fc8	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp	af854a3a-2127-422b-91ae-364da2661108	h20000.www2.hp.com
HP-UX update for Netscape / Red Hat Directory Server - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Fedora update for fedora-ds-base - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Bug 458977 – CVE-2008-3283 Directory Server: multiple memory leaks	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com
[SECURITY] Fedora 9 Update: fedora-ds-base-1.1.2-1.fc9	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Red Hat Directory Server Denial of Service Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial Of Service Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Patch
Red Hat Customer Portal	af854a3a-2127-422b-91ae-364da2661108	rhn.redhat.com
SecurityTracker.com Archives - Red Hat Directory Server Memory Leaks Let Remote Users Deny Service	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Red Hat Directory Server Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.