389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
References
Link | Resource |
---|---|
https://pagure.io/389-ds-base/issue/48986 | Patch Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591 | Issue Tracking Third Party Advisory |
http://www.securityfocus.com/bid/95670 | Third Party Advisory VDB Entry |
Information
Published : 2018-04-30 05:29
Updated : 2019-10-09 16:26
NVD link : CVE-2017-2591
Mitre link : CVE-2017-2591
JSON object : View
CWE
CWE-125
Out-of-bounds Read
Products Affected
redhat
- enterprise_linux
fedoraproject
- 389_directory_server