CVE-2024-6237

2024-07-0917:15:48

CWE-230

redhat

web.nvd.nist.gov

flaw

unauthenticated user

server crash

specific request

denial of service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.0%

JSON

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

Affected configurations

Nvd

Node

redhatdirectory_serverMatch12.0

redhat389_directory_serverMatch-

redhatenterprise_linuxMatch9.0

VendorProductVersionCPE
redhatdirectory_server12.0cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*
redhat389_directory_server-cpe:2.3:o:redhat:389_directory_server:-:*:*:*:*:*:*:*
redhatenterprise_linux9.0cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	directory_server	12.0	cpe:2.3:a:redhat:directory_server:12.0:::::::*
redhat	389_directory_server	-	cpe:2.3:o:redhat:389_directory_server:-:::::::*
redhat	enterprise_linux	9.0	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 12.4 for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "redhat-ds:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "9040020240723122852.1674d574",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:directory_server:12.4::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds-base",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:2.4.5-9.el9_4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 11",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "redhat-ds:11/389-ds-base",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:directory_server:11"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds-base",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds-base",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds:1.4/389-ds-base",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  }
]