Insufficient Fix for Server Crash Vulnerability in 389-ds-base
CVE-2024-8445

5.7MEDIUM

Key Information:

Status
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Directory Server 11
Red Hat Directory Server 12
Vendor
CVE Published:
5 September 2024

What is CVE-2024-8445?

An insufficient input validation vulnerability exists in Red Hat 389 Directory Server (389-ds-base), which allows authenticated users to cause a server crash. This vulnerability arises when an authenticated user attempts to modify the userPassword attribute using malformed input. The fix for a previous vulnerability (CVE-2024-2199) did not address all potential scenarios, leaving certain versions of the server susceptible to this issue. It is crucial for users to be aware of this risk and to apply the necessary updates to ensure the security and stability of their deployment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2024:7434
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-8445
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2310110
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.