vulnerability
Ubuntu: (CVE-2017-2668): 389-ds-base vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Jun 22, 2018 | Jun 26, 2025 | Jul 28, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Jun 22, 2018
Added
Jun 26, 2025
Modified
Jul 28, 2025
Description
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
Solution
no-fix-ubuntu-package
References
- CVE-2017-2668
- https://attackerkb.com/topics/CVE-2017-2668
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1436575
- URL-https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
- URL-https://pagure.io/389-ds-base/issue/49184
- URL-https://www.cve.org/CVERecord?id=CVE-2017-2668
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.