Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-2591

Опубликовано: 13 сент. 2016
Источник: redhat
CVSS3: 3.7
CVSS2: 2.6
EPSS Низкий

Описание

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.

It was found that the uniqueness_entry_to_config() function, used by the "attribute uniqueness" plugin of 389 Directory Server, did not properly NULL terminate an array used in some configuration. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.

Отчет

Red Hat Product Security has rated this issue as having Low security impact, a future update may address this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6389-ds-baseNot affected
Red Hat Enterprise Linux 7389-ds-baseAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1381481389-ds-base: Heap buffer overflow in uiduniq.c

EPSS

Процентиль: 91%
0.06828
Низкий

3.7 Low

CVSS3

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-2591

CVSS3: 3.7
ubuntu
почти 8 лет назад

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.

nvd логотип

CVE-2017-2591

CVSS3: 3.7
nvd
почти 8 лет назад

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.

debian логотип

CVE-2017-2591

CVSS3: 3.7
debian
почти 8 лет назад

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL t ...

github логотип

GHSA-cmhq-25mx-42j8

CVSS3: 7.5
github
больше 3 лет назад

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.

EPSS

Процентиль: 91%
0.06828
Низкий

3.7 Low

CVSS3

2.6 Low

CVSS2