Denial of Service Vulnerability in 389-ds-base LDAP Server by Red Hat
CVE-2025-2487
4.9 MEDIUM
Key Information:
- Vendor: Red Hat
- Status: Vendor
- CVE Published: 18 March 2025
Summary
A flaw in the 389-ds-base LDAP Server allows a privileged user to trigger a Denial of Service condition. The vulnerability occurs during the Modify DN (MODDN) LDAP operation, when a function's return value is not properly validated, which can lead to a NULL pointer dereference. As a result, if a user executes a MODDN operation after an initial failure, the server may crash, impacting the availability of the service.
Affected Version(s)
- Red Hat Directory Server 12.4 EUS for RHEL 9: 9040020250325181857.1674d574
- Red Hat Enterprise Linux 9.4 Extended Update Support: 0:2.4.5-14.el9_4
CVSS V3.1
- Score: 4.9
- Severity: MEDIUM
- Confidentiality: None
- Integrity: None
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged