Authenticated Denial of Service Vulnerability in 389-ds-base LDAP Server

CVE-2024-2199

5.7MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Directory Server 11.8 For Rhel 8; Red Hat Directory Server 11.9 For Rhel 8; Red Hat Directory Server 12.4 For Rhel 9; Red Hat Enterprise Linux 7
Vendor: CVE Published:; 28 May 2024

Summary

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

Affected Version(s)

Red Hat Directory Server 11.8 for RHEL 8 <= 8090020240606122459.91529cd0

Red Hat Directory Server 11.9 for RHEL 8 <= 8100020240604161237.37ed7c03

Red Hat Directory Server 12.4 for RHEL 9 <= 9040020240604143706.1674d574

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 5.7 - (MEDIUM)
May 28, 2024
Vulnerability published.
May 28, 2024
Vulnerability Reserved.
Mar 5, 2024
Reported to Red Hat.
Mar 5, 2024

Collectors

NVD DatabaseMitre Database