CVE-2024-2199

EPSS 0.09%
Veröffentlicht 28.05.2024 12:15:08
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

CNA 11 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/389ds/389-ds-base

≫

Paket 389-ds-base

Default Statusunaffected

Version 0

Version < 3.1.1

Status affected

HerstellerRed Hat

≫

Produkt Red Hat Directory Server 11.5 E4S for RHEL 8

Default Statusaffected

Version 8060020250210084424.0ca98e7e

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Directory Server 11.8 for RHEL 8

Default Statusaffected

Version 8090020240606122459.91529cd0

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Directory Server 11.9 for RHEL 8

Default Statusaffected

Version 8100020240604161237.37ed7c03

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Directory Server 12.4 for RHEL 9

Default Statusaffected

Version 9040020240604143706.1674d574

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 7

Default Statusaffected

Version 0:1.3.11.1-5.el7_9

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8

Default Statusaffected

Version 8100020240613122040.25e700aa

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 8.8 Extended Update Support

Default Statusaffected

Version 8080020240807050952.6dbb3803

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9

Default Statusaffected

Version 0:2.4.5-8.el9_4

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 9.2 Extended Update Support

Default Statusaffected

Version 0:2.2.4-9.el9_2

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Enterprise Linux 6

Default Statusunknown

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.254

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2024:4209

https://access.redhat.com/errata/RHSA-2024:4633

https://access.redhat.com/errata/RHSA-2024:5690

https://access.redhat.com/errata/RHSA-2025:1632

https://access.redhat.com/errata/RHSA-2024:3591

https://access.redhat.com/errata/RHSA-2024:3837

https://access.redhat.com/errata/RHSA-2024:4092

https://access.redhat.com/errata/RHSA-2024:4210

https://access.redhat.com/errata/RHSA-2024:4235

https://access.redhat.com/security/cve/CVE-2024-2199

https://bugzilla.redhat.com/show_bug.cgi?id=2267976

https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html