389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request

CVE-2024-6237

6.5MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Directory Server 12.4 For Rhel 9; Red Hat Enterprise Linux 9; Red Hat Directory Server 11; Red Hat Enterprise Linux 6
Vendor: CVE Published:; 9 July 2024

Summary

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

Affected Version(s)

Red Hat Directory Server 12.4 for RHEL 9 <= 9040020240723122852.1674d574

Red Hat Enterprise Linux 9 <= 0:2.4.5-9.el9_4

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 6.5 to: 5.3 - (MEDIUM)
Aug 12, 2024
Risk change from: 6.5 to: 5.3 - (MEDIUM)
Aug 12, 2024
Risk change from: 6.5 to: 5.3 - (MEDIUM)
Aug 12, 2024
Vulnerability published.
Jul 9, 2024
Reported to Red Hat.
Jun 20, 2024

Collectors

NVD DatabaseMitre Database