Insufficient Fix for Server Crash Vulnerability in 389-ds-base
CVE-2024-8445
5.7MEDIUM
Key Information:
- Vendor
Red Hat
- Status
- Vendor
- CVE Published:
- 5 September 2024
What is CVE-2024-8445?
An insufficient input validation vulnerability exists in Red Hat 389 Directory Server (389-ds-base), which allows authenticated users to cause a server crash. This vulnerability arises when an authenticated user attempts to modify the userPassword
attribute using malformed input. The fix for a previous vulnerability (CVE-2024-2199) did not address all potential scenarios, leaving certain versions of the server susceptible to this issue. It is crucial for users to be aware of this risk and to apply the necessary updates to ensure the security and stability of their deployment.
Affected Version(s)
Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:1.3.11.1-7.el7_9