389 Directory Server Red Hat 389 Directory Server

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Red Hat 389 Directory Server.

By the Year

In 2025 there have been 0 vulnerabilities in Red Hat 389 Directory Server. Last year, in 2024 389 Directory Server had 2 security vulnerabilities published. Right now, 389 Directory Server is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 2 6.50
2023 0 0.00
2022 3 6.83
2021 2 5.90
2020 0 0.00
2019 0 0.00
2018 1 6.50

It may take a day or so for new 389 Directory Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat 389 Directory Server Security Vulnerabilities

A flaw was found in the 389 Directory Server

CVE-2024-6237 6.5 - Medium - July 09, 2024

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

A heap overflow flaw was found in 389-ds-base

CVE-2024-1062 - February 12, 2024

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

Heap-based Buffer Overflow

A flaw was found In 389-ds-base

CVE-2022-2850 6.5 - Medium - October 14, 2022

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

NULL Pointer Dereference

An access control bypass vulnerability found in 389-ds-base

CVE-2022-1949 7.5 - High - June 02, 2022

An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.

Insecure Direct Object Reference / IDOR

A vulnerability was found in the 389 Directory Server

CVE-2022-0996 6.5 - Medium - March 23, 2022

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

authentification

When using a sync_repl client in 389-ds-base, an authenticated attacker

CVE-2021-3514 6.5 - Medium - May 28, 2021

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not

CVE-2020-35518 5.3 - Medium - March 26, 2021

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Side Channel Attack

A flaw was found in the 389 Directory Server

CVE-2018-10935 6.5 - Medium - September 11, 2018

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat 389 Directory Server or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe