CVE-2024-2199

Опубликовано: 28 мая 2024

Источник: redhat

CVSS3: 5.7

Описание

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input.

Отчет

LDAP servers are not usually exposed to the open internet, requiring adjacent connectivity for a successful attack. This issue also requires a compromised user account to perform the attack. Therefore, this flaw is rated as a Moderate severity.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	389-ds-base	Out of support scope
Red Hat Directory Server 11.5 E4S for RHEL 8	redhat-ds	Fixed	RHSA-2025:1632	18.02.2025
Red Hat Directory Server 11.8 for RHEL 8	redhat-ds	Fixed	RHSA-2024:4209	02.07.2024
Red Hat Directory Server 11.9 for RHEL 8	redhat-ds	Fixed	RHSA-2024:4210	02.07.2024
Red Hat Directory Server 12.4 for RHEL 9	redhat-ds	Fixed	RHSA-2024:4092	25.06.2024
Red Hat Enterprise Linux 7	389-ds-base	Fixed	RHSA-2024:3591	04.06.2024
Red Hat Enterprise Linux 8	389-ds	Fixed	RHSA-2024:4235	02.07.2024
Red Hat Enterprise Linux 8.8 Extended Update Support	389-ds	Fixed	RHSA-2024:5690	21.08.2024
Red Hat Enterprise Linux 9	389-ds-base	Fixed	RHSA-2024:3837	11.06.2024
Red Hat Enterprise Linux 9.2 Extended Update Support	389-ds-base	Fixed	RHSA-2024:4633	18.07.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=2267976389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c

5.7 Medium

CVSS3

Связанные уязвимости

CVE-2024-2199

CVSS3: 5.7

ubuntu

около 1 года назад

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

CVE-2024-2199

CVSS3: 5.7

nvd

около 1 года назад

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.