Description
When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is to system availability.
Report
Red Hat Identity Management is affected by this flaw, as Content Synchronization is enabled by default.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | 389-ds-base | Out of support scope | | |
Red Hat Enterprise Linux 7 | 389-ds-base | Out of support scope | | |
Red Hat Enterprise Linux 9 | 389-ds-base | Not affected | | |
Red Hat Directory Server 11.3 for RHEL 8 | redhat-ds | Fixed | RHSA-2022:0952 | 16.03.2022 |
Red Hat Directory Server 11.4 for RHEL 8 | redhat-ds | Fixed | RHSA-2021:3955 | 25.10.2021 |
Red Hat Enterprise Linux 8 | 389-ds | Fixed | RHSA-2021:2595 | 29.06.2021 |
Red Hat Enterprise Linux 8.2 Extended Update Support | 389-ds | Fixed | RHSA-2021:2796 | 21.07.2021 |
Additional information
Status:
6.5 Medium
CVSS3