CVE-2017-2668 — Improper Restriction of Operations within the Bounds of a Memory Buffer in 389 Directory Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

7.6%

top 8.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Port389 389-ds-base Fedoraproject 389 Directory Server Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedJun 22

Latest updateMay 13

Description

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶Debianport389/389-ds-base< 1.3.5.17-1+2

▶NVDfedoraproject/389_directory_server1.3.5.0 — 1.3.5.17+1

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

▶NVDredhat/enterprise_linux_workstation6.0, 7.0+1

🔴Vulnerability Details

GHSA

GHSA-8xf9-83fh-q7rf: 389-ds-base before versions 1↗2022-05-13

▶

CVEList

CVE-2017-2668: 389-ds-base before versions 1↗2018-06-22

▶

OSV

CVE-2017-2668: 389-ds-base before versions 1↗2018-06-22

▶

📋Vendor Advisories

Red Hat

389-ds-base: Remote crash via crafted LDAP messages↗2017-04-10

▶

Debian

CVE-2017-2668: 389-ds-base - 389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid po...↗2017

▶

💬Community

Bugzilla

CVE-2017-5661 fop: XML external entity processing vulnerability↗2017-04-19

▶

Bugzilla

CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages [fedora-all]↗2017-04-10

▶

Bugzilla

CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages↗2017-03-28

▶