{
  "threat_severity" : "Low",
  "public_date" : "2016-09-13T00:00:00Z",
  "bugzilla" : {
    "description" : "389-ds-base: Heap buffer overflow in uiduniq.c",
    "id" : "1381481",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381481"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
    "status" : "draft"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.7",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-122",
  "details" : [ "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.", "It was found that the uniqueness_entry_to_config() function, used by the \"attribute uniqueness\" plugin of 389 Directory Server, did not properly NULL terminate an array used in some configuration. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service." ],
  "statement" : "Red Hat Product Security has rated this issue as having Low security\nimpact, a future update may address this flaw.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "389-ds-base",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "389-ds-base",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-2591\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2591" ],
  "name" : "CVE-2017-2591",
  "csaw" : false
}