LDAP Invalid Pointer Dereference in 389-ds-base from Red Hat
CVE-2017-2668

6.5MEDIUM

Key Information:

Vendor: [unknown]
Status: 389-ds-base
Vendor: CVE Published:; 22 June 2018

What is CVE-2017-2668?

The 389 Directory Server (389-ds-base) is susceptible to a vulnerability that allows a remote unauthenticated attacker to exploit an invalid pointer dereference during the handling of LDAP bind requests. By sending a specially crafted LDAP bind request, an attacker could trigger a crash in the ns-slapd server process, leading to a denial of service. This flaw affects versions prior to 1.3.5.17 and 1.3.6.10, necessitating prompt updates to mitigate potential disruptions.

Affected Version(s)

389-ds-base 389-ds-base 1.3.5.17

389-ds-base 389-ds-base 1.3.6.10

References

https://access.redhat.com/errata/RHSA-2017:0920

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668

x_refsource_CONFIRM

https://pagure.io/389-ds-base/issue/49220

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2018
Vulnerability Reserved
Dec 1, 2016

CVE-2017-2668 Data

JSON

[unknown]

What is CVE-2017-2668?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline