Red Hat Inc 389-ds-base vulnerabilities

3 known vulnerabilities affecting red_hat_inc/389-ds-base.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3

Vulnerabilities

CVE-2018-1054 | HIGH | CVSS 7.5 | Versions: all versions including upstream 1.4.x | 2018-03-07
CVE-2018-1054 [HIGH] CWE-120: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Sources: cvelistv5, nvd

CVE-2017-15134 | HIGH | CVSS 7.5 | Versions: 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 | 2018-03-01
CVE-2017-15134 [HIGH] CWE-120: A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Sources: cvelistv5, nvd

CVE-2017-15135 | HIGH | CVSS 8.1 | Versions: since 1.3.6.1 up to and including 1.4.0.3 | 2018-01-24
CVE-2017-15135 [HIGH] CWE-287: It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
Sources: cvelistv5, nvd