Denial of service in 389-ds-base

Published: 2018-03-12 12:00:20
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-1054
CVSSv3 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-125
Exploitation vector Network
Public exploit Not available
Vulnerable software 389-ds-base
Vulnerable software versions 389-ds-base 1.3.6.7
389-ds-base 1.3.5.19
389-ds-base 1.3.5.18
Vendor URL 389 Directory Server Project

Security Advisory

1) Out-of-bounds read

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the 389-ds-base package due to an out-of-bounds read when handling certain Lightweight Directory Access Protocol (LDAP) search filters. A remote attacker can send a specially crafted LDAP request, trigger a memory error and cause the ns-slapd process to crash.

Remediation

Update to version 1.4.0.6.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=1537314
