Heap Overflow Flaw Leads to Denial of Service in 389-ds-base
CVE-2024-1062

5.5MEDIUM

Key Information:

Vendor
Red Hat
Status
Red Hat Directory Server 11.7 For Rhel 8
Red Hat Directory Server 11.8 For Rhel 8
Red Hat Directory Server 12.2 Eus For Rhel 9
Red Hat Enterprise Linux 8
Vendor
CVE Published:
12 February 2024

Summary

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

Affected Version(s)

Red Hat Directory Server 11.7 for RHEL 8 8080020240306153507.f969626e

Red Hat Directory Server 11.8 for RHEL 8 8090020240606122459.91529cd0

Red Hat Directory Server 12.2 EUS for RHEL 9 9020020240916150035.1674d574

References

https://access.redhat.com/errata/RHSA-2024:1074
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1372
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3047
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.