Vulnerability Details : CVE-2017-15134
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2017-15134
- cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-15134
1.80%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-15134
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-15134
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2017-15134
-
https://bugzilla.redhat.com/show_bug.cgi?id=1531573
1531573 – (CVE-2017-15134) CVE-2017-15134 389-ds-base: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.cIssue Tracking;Patch
-
http://www.securityfocus.com/bid/102790
Red Hat '389-ds-base' CVE-2017-15134 Remote Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
[SECURITY] [DLA 1428-1] 389-ds-base security update
-
https://access.redhat.com/errata/RHSA-2018:0163
RHSA-2018:0163 - Security Advisory - Red Hat Customer PortalPatch;Vendor Advisory
-
https://pagure.io/389-ds-base/c/6aa2acdc3cad9
Commit - 389-ds-base - 6aa2acdc3cad9 - Pagure.ioPatch
-
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html
[security-announce] openSUSE-SU-2019:1397-1: important: Security update
Jump to