CVE-2018-1054

7.5HIGH

Key Information:

Vendor: Red Hat
Status: 389-ds-base
Vendor: CVE Published:; 7 March 2018

Summary

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Affected Version(s)

389-ds-base all versions including upstream 1.4.x

References

https://pagure.io/389-ds-base/issue/49545

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1537314

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2018:0414

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 7, 2018
Vulnerability Reserved
Dec 4, 2017

.