PT-2018-7121 · Red Hat+1 · 389-Ds-Base+1

Firstyear

Published

2016-11-09

Updated

2019-10-09

CVE-2017-2591

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: 389-ds-base versions prior to 1.3.6

Description: The issue arises from an improperly NULL terminated array in the uniqueness entry to config() function within the "attribute uniqueness" plugin of 389 Directory Server. This could allow an authenticated, or possibly unauthenticated, attacker to force an out-of-bound heap memory read, potentially causing a crash of the LDAP service.

Recommendations: For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue.

Fix

Heap Based Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-125

Related Identifiers

ALT-PU-2016-2270

CVE-2017-2591

MGASA-2017-0028

Affected Products

389-Ds-Base

Alt Linux

PT-2018-7121 · Red Hat+1 · 389-Ds-Base+1

CVE-2017-2591

Weakness Enumeration

Related Identifiers

Affected Products

References · 15