CVE-2024-2199 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c

2024-05-2812:04:07

CWE-20

redhat

github.com

denial of service

389-ds-base

ldap server

userpassword

input

vulnerability

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input.

CNA Affected

[
  {
    "cpes": [
      "cpe:/a:redhat:directory_server:12.4::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 12.4 for RHEL 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "9040020240604143706.1674d574",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "redhat-ds:12",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7::client",
      "cpe:/o:redhat:enterprise_linux:7::workstation",
      "cpe:/o:redhat:enterprise_linux:7::server",
      "cpe:/o:redhat:enterprise_linux:7::computenode"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:1.3.11.1-5.el7_9",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "389-ds-base",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::crb"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:2.4.5-8.el9_4",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "389-ds-base",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:directory_server:11"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 11",
    "packageName": "redhat-ds:11/389-ds-base",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "packageName": "389-ds-base",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "packageName": "389-ds:1.4/389-ds-base",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  }
]