PT-2018-3496 · Red Hat+3 · 389-Ds-Base+4

Lkrispen · Published 2017-04-26 · Updated 2024-06-15 · CVE-2017-15134

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.3.6.x through 1.3.6.12; 389-ds-base versions 1.3.7.x through 1.3.7.8; 389-ds-base versions 1.4.x through 1.4.0.4
Description: A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. This issue could allow a remote, unauthenticated attacker to potentially make ns-slapd crash via a specially crafted LDAP request, resulting in denial of service.
Recommendations: For 389-ds-base versions 1.3.6.x through 1.3.6.12, update to version 1.3.6.13 or later. For 389-ds-base versions 1.3.7.x through 1.3.7.8, update to version 1.3.7.9 or later. For 389-ds-base versions 1.4.x through 1.4.0.4, update to version 1.4.0.5 or later.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1532
ALT-PU-2018-2148
BDU:2020-02901
CESA-2018_0163
CVE-2017-15134
DLA-1428-1
MGASA-2018-0122
OPENSUSE-SU-2019:1397-1
OPENSUSE-SU-2019_1397-1
OPENSUSE-SU-2024:10593-1
RHSA-2018:0163
RHSA-2018_0163
SUSE-SU-2019:1207-1
SUSE-SU-2019:1207-2

Affected Products

389-ds-base
ALT Linux
CentOS
Red Hat
SUSE