Authenticated Denial of Service Vulnerability in 389-ds-base LDAP Server
CVE-2024-2199
5.7MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Directory Server 11.8 For Rhel 8
- Red Hat Directory Server 11.9 For Rhel 8
- Red Hat Directory Server 12.4 For Rhel 9
- Red Hat Enterprise Linux 7
- Vendor
- CVE Published:
- 28 May 2024
Summary
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
Affected Version(s)
Red Hat Directory Server 11.8 for RHEL 8 <= 8090020240606122459.91529cd0
Red Hat Directory Server 11.9 for RHEL 8 <= 8100020240604161237.37ed7c03
Red Hat Directory Server 12.4 for RHEL 9 <= 9040020240604143706.1674d574
CVSS V3.1
Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 5.7 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database