Insufficient Fix for Server Crash Vulnerability in 389-ds-base

CVE-2024-8445

5.7MEDIUM

Key Information

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Directory Server 11; Red Hat Directory Server 12; Red Hat Enterprise Linux 6
Vendor: CVE Published:; 5 September 2024

Summary

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.

Affected Version(s)

Red Hat Enterprise Linux 7 Extended Lifecycle Support <= 0:1.3.11.1-7.el7_9

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 5.7 - (MEDIUM)
Oct 1, 2024
Vulnerability Reserved.
Sep 5, 2024
Reported to Red Hat.
Sep 5, 2024
Vulnerability published.
Sep 5, 2024

Collectors

NVD DatabaseMitre Database