Description
A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the LDAP protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs an LDAP MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash.
Statement
Red Hat rates this as Moderate severity because the impact is limited to privileged users who can perform the operations and affects server availability. This issue is not reproducible in Red Hat Enterprise Linux (RHEL) 10 because of the way RHEL 10 database write operations are serialized; therefore, RHEL 10 is not affected. 389-ds-base has been fixed in RHEL 9.5. Starting from RHDS 12.5, Red Hat Directory Server uses 389-ds-base from RHEL-9.5. Hence, it is not affected, and the fix will be picked up after the rebase from RHEL-9.5.
Mitigation
Currently, no mitigation is available for this vulnerability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Directory Server 12 | redhat-ds:12/389-ds-base | Not affected | | |
Red Hat Enterprise Linux 10 | 389-ds-base | Not affected | | |
Red Hat Enterprise Linux 6 | 389-ds-base | Out of support scope | | |
Red Hat Enterprise Linux 7 | 389-ds-base | Out of support scope | | |
Red Hat Enterprise Linux 8 | 389-ds:1.4/389-ds-base | Out of support scope | | |
Red Hat Directory Server 12.4 EUS for RHEL 9 | redhat-ds | Fixed | RHSA-2025:3670 | 08.04.2025 |
Red Hat Enterprise Linux 9 | 389-ds-base | Fixed | RHSA-2025:4491 | 06.05.2025 |
Red Hat Enterprise Linux 9 | 389-ds-base | Fixed | RHSA-2025:7395 | 13.05.2025 |
Red Hat Enterprise Linux 9.4 Extended Update Support | 389-ds-base | Fixed | RHSA-2025:3663 | 08.04.2025 |
Additional information
Status:
EPSS
CVSS3: 4.9 Medium