CVE-2018-1089

CVE Details

Release Date:2018-07-30
Impact:None What is this?

Description


389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did notproperly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

See more information about CVE-2018-1089 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v2 metrics

Base Score: 5.0
Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
Version: 2.0
Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (389-ds-base)ELSA-2018-13642018-05-09
Oracle Linux version 7 (389-ds-base)ELSA-2018-13802018-05-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete