Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-8445

created 4 months, 3 weeks ago

389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.

Affected products

389-ds-base

==3.1.1
*

389-ds:1.4/389-ds-base

redhat-ds:11/389-ds-base

redhat-ds:12/389-ds-base

Matching in nixpkgs

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

nixos-unstable -
- nixpkgs-unstable 3.1.3

Package maintainers

@ners ners <ners@gmx.ch>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs._389-ds-base

Package maintainers