LDAP Query Flaw Leads to Denial of Service on 389-ds-base Directory Server
CVE-2024-3657
7.5HIGH
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Directory Server 11.7 For Rhel 8
- Red Hat Directory Server 11.8 For Rhel 8
- Red Hat Directory Server 11.9 For Rhel 8
- Red Hat Directory Server 12.4 For Rhel 9
- Vendor
- CVE Published:
- 28 May 2024
Summary
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
Affected Version(s)
Red Hat Directory Server 11.7 for RHEL 8 <= 8080020240909040333.f969626e
Red Hat Directory Server 11.8 for RHEL 8 <= 8090020240606122459.91529cd0
Red Hat Directory Server 11.9 for RHEL 8 <= 8100020240604161237.37ed7c03
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 7.5 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Reported to Red Hat.
Collectors
NVD DatabaseMitre Database