Denial of Service Vulnerability in 389-ds-base LDAP Server

CVE-2024-5953

5.7MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Directory Server 11.7 For Rhel 8; Red Hat Directory Server 11.9 For Rhel 8; Red Hat Directory Server 12.4 For Rhel 9; Red Hat Enterprise Linux 7 Extended Lifecycle Support
Vendor: CVE Published:; 18 June 2024

Summary

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

Affected Version(s)

Red Hat Directory Server 11.7 for RHEL 8 <= 8080020240909040333.f969626e

Red Hat Directory Server 11.9 for RHEL 8 <= 8100020240902112955.37ed7c03

Red Hat Directory Server 12.4 for RHEL 9 <= 9040020240723122852.1674d574

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 5.7 - (MEDIUM)
Jun 18, 2024
Vulnerability published.
Jun 18, 2024
Vulnerability Reserved.
Jun 13, 2024
Reported to Red Hat.
Jun 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

This issue was discovered by Têko Mihinto (Red Hat).