CVE-2018-1054

EPSS 6.85%
Published 07.03.2018 13:29:00
Last modified 21.11.2024 03:59:04
Source secalert@redhat.com
Teams watchlist Login
Open Login

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

Affected products Warnungen 0 Metrics 3 CWE 2 References 9

Data is provided by the National Vulnerability Database (NVD)

Fedoraproject ≫ 389 Directory Server Version <= 1.4.0.6

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Version7.4

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.85%	0.909

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html

https://access.redhat.com/errata/RHSA-2018:0414

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0515

Third Party Advisory

http://www.securityfocus.com/bid/103228

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1537314

Patch