Denial of Service Vulnerability in 389-ds-base LDAP Server
CVE-2024-5953

5.7MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Directory Server 11.7 For Rhel 8; Red Hat Directory Server 11.9 For Rhel 8; Red Hat Directory Server 12.2 Eus For Rhel 9; Red Hat Directory Server 12.4 For Rhel 9
Vendor: CVE Published:; 18 June 2024

Summary

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

Affected Version(s)

Red Hat Directory Server 11.7 for RHEL 8 8080020240909040333.f969626e

Red Hat Directory Server 11.9 for RHEL 8 8100020240902112955.37ed7c03

Red Hat Directory Server 12.2 EUS for RHEL 9 9020020240916150035.1674d574

References

https://access.redhat.com/errata/RHSA-2024:4633

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:4997

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:5192

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 18, 2024
Vulnerability Reserved
Jun 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

This issue was discovered by Têko Mihinto (Red Hat).