Red Hat 389 Directory Server

A flaw was found In 389-ds-base

CVE-2022-2850 6.5 - Medium - October 14, 2022

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

NULL Pointer Dereference

A vulnerability was found in the 389 Directory Server

CVE-2022-0996 6.5 - Medium - March 23, 2022

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

authentification

When using a sync_repl client in 389-ds-base, an authenticated attacker

CVE-2021-3514 6.5 - Medium - May 28, 2021

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not

CVE-2020-35518 5.3 - Medium - March 26, 2021

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Side Channel Attack

A flaw was found in the 389 Directory Server

CVE-2018-10935 6.5 - Medium - September 11, 2018

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.

Improper Input Validation