CVE-2024-2199

EPSS 0.13%
Published 28.05.2024 12:15:08
Last modified 18.02.2025 11:15:12
Source secalert@redhat.com
Teams watchlist Login
Open Login

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/389ds/389-ds-base

≫

Package 389-ds-base

Default Statusunaffected

Version < 3.1.1

Version 0

Status affected

VendorRed Hat

≫

Product Red Hat Directory Server 11.5 E4S for RHEL 8

Default Statusaffected

Version < *

Version 8060020250210084424.0ca98e7e

Status unaffected

VendorRed Hat

≫

Product Red Hat Directory Server 11.8 for RHEL 8

Default Statusaffected

Version < *

Version 8090020240606122459.91529cd0

Status unaffected

VendorRed Hat

≫

Product Red Hat Directory Server 11.9 for RHEL 8

Default Statusaffected

Version < *

Version 8100020240604161237.37ed7c03

Status unaffected

VendorRed Hat

≫

Product Red Hat Directory Server 12.4 for RHEL 9

Default Statusaffected

Version < *

Version 9040020240604143706.1674d574

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 7

Default Statusaffected

Version < *

Version 0:1.3.11.1-5.el7_9

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 8100020240613122040.25e700aa

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 8.8 Extended Update Support

Default Statusaffected

Version < *

Version 8080020240807050952.6dbb3803

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:2.4.5-8.el9_4

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 9.2 Extended Update Support

Default Statusaffected

Version < *

Version 0:2.2.4-9.el9_2

Status unaffected

VendorRed Hat

≫

Product Red Hat Enterprise Linux 6

Default Statusunknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.337

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://access.redhat.com/errata/RHSA-2024:4209

https://access.redhat.com/errata/RHSA-2024:4633

https://access.redhat.com/errata/RHSA-2024:5690

https://access.redhat.com/errata/RHSA-2025:1632

https://access.redhat.com/errata/RHSA-2024:3591

https://access.redhat.com/errata/RHSA-2024:3837

https://access.redhat.com/errata/RHSA-2024:4092

https://access.redhat.com/errata/RHSA-2024:4210

https://access.redhat.com/errata/RHSA-2024:4235

https://access.redhat.com/security/cve/CVE-2024-2199

https://bugzilla.redhat.com/show_bug.cgi?id=2267976

https://nvd.nist.gov/vuln/detail/CVE-2024-2199

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2199

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2199

EUVD