Buffer Overflow Vulnerability in 389-ds-base LDAP Server by Red Hat
CVE-2017-15134

7.5HIGH

Key Information:

Vendor
Red Hat
Status
389-ds-base
Vendor
CVE Published:
1 March 2018

Summary

A buffer overflow vulnerability exists in 389-ds-base versions prior to 1.3.6.13, 1.3.7.9, and 1.4.0.5, specifically when processing certain LDAP search filters. This flaw allows an unauthenticated attacker to exploit the vulnerability by sending a specially crafted LDAP request, which may cause the ns-slapd service to crash, leading to denial of service. Prompt updates are recommended to mitigate this risk.

Affected Version(s)

389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5

References

https://access.redhat.com/errata/RHSA-2018:0163
vendor-advisoryx_refsource_REDHAT
https://pagure.io/389-ds-base/c/6aa2acdc3cad9
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1531573
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.