389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request
CVE-2024-6237

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Directory Server 12.4 For Rhel 9; Red Hat Enterprise Linux 9; Red Hat Directory Server 11; Red Hat Enterprise Linux 6
Vendor: CVE Published:; 9 July 2024

Summary

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

Affected Version(s)

Red Hat Directory Server 12.4 for RHEL 9 9040020240723122852.1674d574

Red Hat Enterprise Linux 9 0:2.4.5-9.el9_4

References

https://access.redhat.com/errata/RHSA-2024:4997

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:5192

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2024-6237

vdb-entryx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024