LDAP Query Flaw Leads to Denial of Service on 389-ds-base Directory Server

CVE-2024-3657

7.5HIGH

Key Information

Vendor: Red Hat
Status: Red Hat Directory Server 11.7 For Rhel 8; Red Hat Directory Server 11.8 For Rhel 8; Red Hat Directory Server 11.9 For Rhel 8; Red Hat Directory Server 12.4 For Rhel 9
Vendor: CVE Published:; 28 May 2024

Summary

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

Affected Version(s)

Red Hat Directory Server 11.7 for RHEL 8 <= 8080020240909040333.f969626e

Red Hat Directory Server 11.8 for RHEL 8 <= 8090020240606122459.91529cd0

Red Hat Directory Server 11.9 for RHEL 8 <= 8100020240604161237.37ed7c03

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 7.5 - (HIGH)
May 28, 2024
Vulnerability published.
May 28, 2024
Vulnerability Reserved.
Apr 11, 2024
Reported to Red Hat.
Apr 10, 2024

Collectors

NVD DatabaseMitre Database