Vulnerability Description
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | 389 Directory Server | < 1.3.6 |
| Redhat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95670Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591Issue TrackingThird Party Advisory
- https://pagure.io/389-ds-base/issue/48986PatchThird Party Advisory
- http://www.securityfocus.com/bid/95670Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591Issue TrackingThird Party Advisory
- https://pagure.io/389-ds-base/issue/48986PatchThird Party Advisory
FAQ
What is CVE-2017-2591?
CVE-2017-2591 is a vulnerability with a CVSS score of 3.7 (LOW). 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An auth...
How severe is CVE-2017-2591?
CVE-2017-2591 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2591?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject 389 Directory Server, Redhat Enterprise Linux.