Red Hat Directory Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Directory Server.
By the Year
In 2024 there have been 2 vulnerabilities in Red Hat Directory Server with an average score of 6.5 out of ten. Last year Directory Server had 1 security vulnerability published. That is, 1 more vulnerability have already been reported in 2024 as compared to last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 1.00.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 2 | 6.50 |
2023 | 1 | 5.50 |
2022 | 2 | 7.00 |
2021 | 1 | 5.30 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Directory Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Directory Server Security Vulnerabilities
A flaw was found in the 389 Directory Server
CVE-2024-6237
6.5 - Medium
- July 09, 2024
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
A heap overflow flaw was found in 389-ds-base
CVE-2024-1062
- February 12, 2024
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Heap-based Buffer Overflow
A flaw was found in RHDS 11 and RHDS 12
CVE-2023-1055
5.5 - Medium
- February 27, 2023
A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.
Improper Certificate Validation
A flaw was found In 389-ds-base
CVE-2022-2850
6.5 - Medium
- October 14, 2022
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
NULL Pointer Dereference
An access control bypass vulnerability found in 389-ds-base
CVE-2022-1949
7.5 - High
- June 02, 2022
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.
Insecure Direct Object Reference / IDOR
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not
CVE-2020-35518
5.3 - Medium
- March 26, 2021
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Side Channel Attack
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled
CVE-2014-3562
- August 21, 2014
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
Information Disclosure
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query
CVE-2008-1677
- May 12, 2008
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
Classic Buffer Overflow
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5
CVE-2008-0892
- April 16, 2008
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Fedora Directory Server or by Red Hat? Click the Watch button to subscribe.