CVE-2018-1089
published 2018-05-09CVE-2018-1089: 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | 389-ds-base | < 389-ds-base 1.3.8.2-1 (bookworm) | 389-ds-base 1.3.8.2-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | >= 1.3.6.0 < 1.3.6.15 | 1.3.6.15 |
| fedoraproject | 389_directory_server | >= 1.4.0.0 < 1.4.0.9 | 1.4.0.9 |
| port389 | 389-ds-base | >= 0 < 1.3.8.2-1 | 1.3.8.2-1 |
| port389 | 389-ds-base | >= 0 < 1.3.8.2-1 | 1.3.8.2-1 |
| port389 | 389-ds-base | >= 0 < 1.3.8.2-1 | 1.3.8.2-1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH