5.5

CVE-2024-1062

389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat389 Directory Server Version < 2.2.0
RedhatDirectory Server Version-
RedhatDirectory Server Version11.7
RedhatDirectory Server Version11.8
FedoraprojectFedora Version39
FedoraprojectFedora Version40
FedoraprojectFedora Version41
RedhatDirectory Server Version12.0
   RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version8.6
RedhatEnterprise Linux Eus Version8.8
RedhatEnterprise Linux Eus Version9.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.218
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://access.redhat.com/errata/RHSA-2024:1074
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:1372
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:3047
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4209
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:4633
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:5690
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:7458
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:1632
https://access.redhat.com/security/cve/CVE-2024-1062
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2256711
Vendor Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2261879
Vendor Advisory
Issue Tracking