Page 3 of 40 results (0.007 seconds)

CVSS: 7.1EPSS: 1%CPEs: 10EXPL: 0

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. 389-ds-base en versiones anteriores a la 1.4.0.10 y 1.3.8.3 es vulnerable a una condición de carrera por la forma en la que 389-ds-base gestiona las búsquedas persistentes. Esto resulta en un cierre inesperado si el servidor está bajo carga. Un atacante anónimo podría explotar este error para provocar una denegación de servicio (DoS). A race condition was found in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html https://access.redhat.com/errata/RHSA-2018:2757 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/c/8f04487f99a https://pagure.io/389-ds-base/issue/49768 https://access.redhat.com/security/cve/CVE-2018-10850 https://bugzilla.redhat.com/show_bug.cgi?id=1588056 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 0

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. 389-ds-base en versiones anteriores a la 1.4.0.9, 1.3.8.1 y 1.3.6.15 no gestionó correctamente los filtros de búsqueda largos con caracteres que necesitan escapado. Esto podría conducir a desbordamientos de búfer. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. • http://www.securityfocus.com/bid/104137 https://access.redhat.com/errata/RHSA-2018:1364 https://access.redhat.com/errata/RHSA-2018:1380 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://access.redhat.com/security/cve/CVE-2018-1089 https://bugzilla.redhat.com/show_bug.cgi?id=1559802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. 389 Directory Server 1.2.7.5, cuando se incluye con mozldap, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de replica) mediante el envío de una petición modify vacía. • https://bugzilla.redhat.com/show_bug.cgi?id=675320 https://bugzilla.redhat.com/show_bug.cgi?id=676876 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service. 389-ds-base, en versiones anteriores a la 1.3.6, es vulnerable a un array terminado indebidamente en NULL en la función uniqueness_entry_to_config() en el plugin "attribute uniqueness" de 389 Directory Server. Un atacante autenticado o, posiblemente, sin autenticar, podría emplear este error para forzar una lectura fuera de límites de la memoria dinámica (heap), desencadenando un cierre inesperado del servicio LDAP. • http://www.securityfocus.com/bid/95670 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591 https://pagure.io/389-ds-base/issue/48986 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de lectura de memoria fuera de límites en la forma en la que 389-ds-base gestionaba ciertos filtros de búsqueda LDAP, que afecta a todas las versiones 1.4.x. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. • http://www.securityfocus.com/bid/103228 https://access.redhat.com/errata/RHSA-2018:0414 https://access.redhat.com/errata/RHSA-2018:0515 https://bugzilla.redhat.com/show_bug.cgi?id=1537314 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/issue/49545 https://access.redhat.com/security/cve/CVE-2018-1054 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •