CVE-2017-15134

HIGH

Fedoraproject 389 Directory Server < 1.3.6.13 - Memory Corruption

Title source: rule

Description

A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

References (6)

Core 6

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:0163

Patch x_refsource_misc

https://pagure.io/389-ds-base/c/6aa2acdc3cad9

Issue Tracking, Patch x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=1531573

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102790

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html

Scores

CVSS v3 7.5

EPSS 0.0569

EPSS Percentile 90.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119 CWE-120

Status published

Products (6)

fedoraproject/389_directory_server 1.3.6.1 - 1.3.6.13

redhat/enterprise_linux 7.4

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_server 7.0

redhat/enterprise_linux_server 7.4

redhat/enterprise_linux_workstation 7.0

Published Mar 01, 2018

Tracked Since Feb 18, 2026