port389 389-ds-base CVE-2021-4091 in Port389 and Red Hat Products
Published on February 18, 2022

product logo product logo
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.

NVD

Weakness Type

What is a Double-free Vulnerability?

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. When a program calls free() twice with the same argument, the program's memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack.

CVE-2021-4091 has been classified to as a Double-free vulnerability or weakness.


Products Associated with CVE-2021-4091

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-4091 are published in these products:

Port389 389 Ds Base
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Ibm Z Systems
 
Red Hat Enterprise Linux Power Big Endian
 
Red Hat Enterprise Linux Power Little Endian
 
Red Hat Enterprise Linux Scientific Computing
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Workstation
 

Exploit Probability

EPSS
0.24%
Percentile
46.21%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.