CVE-2017-15134

7.5HIGH

Key Information:

Vendor: Red Hat
Status: 389-ds-base
Vendor: CVE Published:; 1 March 2018

Summary

A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Affected Version(s)

389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5

References

https://access.redhat.com/errata/RHSA-2018:0163

vendor-advisoryx_refsource_REDHAT

https://pagure.io/389-ds-base/c/6aa2acdc3cad9

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1531573

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2018
Vulnerability Reserved
Oct 8, 2017

.