Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1089

Опубликовано: 07 мая 2018
Источник: redhat
CVSS3: 7.5

Описание

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8389-ds-baseNot affected
Red Hat Enterprise Linux 6389-ds-baseFixedRHSA-2018:136409.05.2018
Red Hat Enterprise Linux 7389-ds-baseFixedRHSA-2018:138014.05.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1559802389-ds-base: ns-slapd crash via large filter value in ldapsearch

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1089

CVSS3: 7.5
ubuntu
больше 7 лет назад

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

nvd логотип

CVE-2018-1089

CVSS3: 7.5
nvd
больше 7 лет назад

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

debian логотип

CVE-2018-1089

CVSS3: 7.5
debian
больше 7 лет назад

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properl ...

github логотип

GHSA-4xv3-w7vq-3g6v

CVSS3: 7.5
github
больше 3 лет назад

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

oracle-oval логотип

ELSA-2018-1380

oracle-oval
больше 7 лет назад

ELSA-2018-1380: 389-ds-base security and bug fix update (IMPORTANT)

7.5 High

CVSS3