CVE-2021-3652

Note

this CVE is very similar to CVE-2017-15135. The patch for
CVE-2017-15135 seems to fix this issue. CVE-2017-15135
was introduced in a patch for CVE-2016-5405, not applied
in trusty and xenial. The patch for CVE-2017-15135 is
included in the package for releases following xenial.

Package	Release	Status
389-ds-base Launchpad, Ubuntu, Debian	bionic	Not vulnerable (1.3.7.10-1ubuntu1)
	focal	Not vulnerable (1.3.7.10-1ubuntu1)
	hirsute	Not vulnerable (1.3.7.10-1ubuntu1)
	impish	Not vulnerable (1.3.7.10-1ubuntu1)
	jammy	Not vulnerable (1.3.7.10-1ubuntu1)
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Released (1.3.7.9-1, 1.4.2.18, 1.4.3.25, 1.4.4.17, 2.0.7)
	xenial	Not vulnerable (code not present)
	Patches: upstream: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 upstream: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 upstream: https://github.com/389ds/389-ds-base/commit/18271bad6395032a20465c7db9ea47636ad5fb45 upstream: https://github.com/389ds/389-ds-base/commit/fd4c991bd3da4c7d486a87ede8f4956cc6ed8a0d

Parameter	Value
Base score	6.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	Low
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2021-3652

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading