Untriaged
CVE-2024-8445
5.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): ADJACENT_NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for CVE-2024-2199)
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.
References
- RHBZ#2310110 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-8445 x_refsource_REDHAT vdb-entry
- RHSA-2024:7434 x_refsource_REDHAT vendor-advisory
- https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html
Affected products
389-ds-base
- ==3.1.1
- *
389-ds:1.4/389-ds-base
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base
Matching in nixpkgs
pkgs._389-ds-base
Enterprise-class Open Source LDAP server for Linux
- nixos-unstable -
- nixpkgs-unstable 3.1.3
Package maintainers
- @ners ners <ners@gmx.ch>