389 DS LDAP Auth DoS via Malformed userPassword Mod
CVE-2024-2199 Published on May 28, 2024

389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Timeline

2024-03-05

Reported to Red Hat.

2024-05-28

Made public. 84 days later.

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2024-2199

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Directory Server E4s

Red Hat Directory Server

Red Hat Enterprise Linux (RHEL)

Red Hat Rhel Eus

Exploit Probability

EPSS

0.10%

Percentile

27.13%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

389 DS LDAP Auth DoS via Malformed userPassword ModCVE-2024-2199 Published on May 28, 2024

Vulnerability Analysis

Timeline

Weakness Type

Improper Input Validation

Products Associated with CVE-2024-2199

Exploit Probability

389 DS LDAP Auth DoS via Malformed userPassword Mod
CVE-2024-2199 Published on May 28, 2024