389-ds-base is vulnerable to denial of service. The vulnerability exists when the content synchronization plugin is enabled, allowing an attacker crash the application through the null pointer dereference by providing a maliciously crafted query
Vendor | Product | Version | CPE |
---|---|---|---|
* | 389-ds-base | 1.3.10.2_13.el7_9 | cpe:2.3:a:*:389-ds-base:1.3.10.2_13.el7_9:*:*:*:*:*:*:* |
* | 389-ds-base | 1.2.11.15_85.el6_8 | cpe:2.3:a:*:389-ds-base:1.2.11.15_85.el6_8:*:*:*:*:*:*:* |
* | 389-ds-base | 1.3.7.5_19.el7_5 | cpe:2.3:a:*:389-ds-base:1.3.7.5_19.el7_5:*:*:*:*:*:*:* |
* | 389-ds-base | 1.3.10.2_8.el7_9 | cpe:2.3:a:*:389-ds-base:1.3.10.2_8.el7_9:*:*:*:*:*:*:* |
* | 389-ds-base | 1.2.11.15_12.el6_4 | cpe:2.3:a:*:389-ds-base:1.2.11.15_12.el6_4:*:*:*:*:*:*:* |
* | 389-ds-base | 1.3.10.1_5.el7 | cpe:2.3:a:*:389-ds-base:1.3.10.1_5.el7:*:*:*:*:*:*:* |
* | 389-ds-base | 1.2.11.15_91.el6_9 | cpe:2.3:a:*:389-ds-base:1.2.11.15_91.el6_9:*:*:*:*:*:*:* |
* | 389-ds-base | 1.2.11.15_60.el6 | cpe:2.3:a:*:389-ds-base:1.2.11.15_60.el6:*:*:*:*:*:*:* |
* | 389-ds-base | 1.2.11.15_72.el6_7 | cpe:2.3:a:*:389-ds-base:1.2.11.15_72.el6_7:*:*:*:*:*:*:* |
* | 389-ds-base | 1.3.9.1_10.el7 | cpe:2.3:a:*:389-ds-base:1.3.9.1_10.el7:*:*:*:*:*:*:* |
access.redhat.com/errata/RHSA-2022:7087
access.redhat.com/errata/RHSA-2022:7133
access.redhat.com/errata/RHSA-2022:8162
access.redhat.com/errata/RHSA-2022:8680
access.redhat.com/errata/RHSA-2022:8886
access.redhat.com/errata/RHSA-2022:8976
access.redhat.com/errata/RHSA-2023:0479
access.redhat.com/security/cve/CVE-2022-2850
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2118691
lists.debian.org/debian-lts-announce/2023/04/msg00026.html