Denial of Service Vulnerability in 389-ds-base LDAP Server by Red Hat
CVE-2025-2487

4.9 MEDIUM

Summary

A flaw in the 389-ds-base LDAP Server allows a privileged user to trigger a Denial of Service condition. This vulnerability occurs during the Modify DN LDAP operation when the function's return value is not properly validated, leading to a potential NULL pointer dereference. Consequently, if a user executes a MODDN operation after an initial failure, the server may encounter a crash, impacting the availability of the service.
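For triage, the crash pattern described above can be looked for in the server's access log. The following is an added example, not code from Red Hat or the 389-ds project: it assumes the default access-log layout (`conn=`, `op=`, `MODRDN`, `RESULT err=`), treats the "initial failure" as a MODRDN that returned a non-zero result code, and runs on constructed sample lines.

```python
import re

# Constructed sample lines in the 389-ds access-log layout (not real data).
SAMPLE_LOG = '''\
[27/Mar/2025:10:15:01.100000000 +0000] conn=7 op=1 MODRDN dn="uid=a,ou=people,dc=example,dc=com" newrdn="uid=b" newsuperior="(null)"
[27/Mar/2025:10:15:01.200000000 +0000] conn=7 op=1 RESULT err=32 tag=109 nentries=0 wtime=0.000100000 optime=0.000900000 etime=0.001000000
[27/Mar/2025:10:15:02.100000000 +0000] conn=7 op=2 MODRDN dn="uid=a,ou=people,dc=example,dc=com" newrdn="uid=c" newsuperior="(null)"
[27/Mar/2025:10:20:00.000000000 +0000] conn=9 op=1 MODRDN dn="uid=x,ou=people,dc=example,dc=com" newrdn="uid=y" newsuperior="(null)"
[27/Mar/2025:10:20:00.050000000 +0000] conn=9 op=1 RESULT err=0 tag=109 nentries=0 wtime=0.000100000 optime=0.000900000 etime=0.001000000
'''

# Assumed layout: "[timestamp] conn=N op=N <OPERATION or RESULT> ..."
LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
ERR = re.compile(r'\berr=(\d+)')


def find_suspect_moddn(log_text):
    """Return MODRDN ops that logged no RESULT after an earlier MODRDN failed."""
    pending = {}          # (conn, op) -> (timestamp, request, failure_seen_before)
    seen_failure = False  # set once any MODRDN returns a non-zero LDAP result code
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key = (int(m['conn']), int(m['op']))
        rest = m['rest']
        if rest.startswith('MODRDN '):
            pending[key] = (m['ts'], rest, seen_failure)
        elif rest.startswith('RESULT ') and key in pending:
            err = ERR.search(rest)
            if err and int(err.group(1)) != 0:
                seen_failure = True
            del pending[key]
    # A request still pending at end of log may simply be in flight; correlate
    # with the errors log and service restarts before treating it as a crash.
    return [
        {'conn': c, 'op': o, 'timestamp': ts, 'request': req}
        for (c, o), (ts, req, after_failure) in pending.items()
        if after_failure
    ]


if __name__ == '__main__':
    for hit in find_suspect_moddn(SAMPLE_LOG):
        print(hit)
```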

Affected Version(s)

Red Hat Directory Server 12.4 EUS for RHEL 9 9040020250325181857.1674d574

Red Hat Enterprise Linux 9.4 Extended Update Support 0:2.4.5-14.el9_4

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
