LDAP Service Vulnerability in 389 Directory Server by Red Hat
CVE-2017-2591

3.7LOW

Key Information:

Vendor

Unspecified

Status
389-ds-base
Vendor
CVE Published:
30 April 2018

What is CVE-2017-2591?

The 389 Directory Server is susceptible to a vulnerability in the 'attribute uniqueness' plugin, where an improperly NULL terminated array in the uniqueness_entry_to_config() function can allow an authenticated or potentially unauthenticated attacker to execute an out-of-bounds heap memory read. This flaw may result in the crashing of the LDAP service, impacting the availability of directory operations.

Affected Version(s)

389-ds-base 389-ds-base 1.3.6

References

https://pagure.io/389-ds-base/issue/48986
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95670
vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.