389 DS LDAP Crafted Query DoS
CVE-2024-3657 Published on May 28, 2024

389-ds-base: potential denial of service via specially crafted kerberos as-req request
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-3657 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Timeline

2024-04-10

Reported to Red Hat.

2024-05-28

Made public. 48 days later.

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2024-3657

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Directory Server E4s

Red Hat Directory Server

Red Hat Directory Server Eus

Red Hat Enterprise Linux (RHEL)

Red Hat Rhel Eus

Affected Versions

Red Hat Directory Server 11.5 E4S for RHEL 8:

Version 8060020250210084424.0ca98e7e and below * is unaffected.

Red Hat Directory Server 11.7 for RHEL 8:

Version 8080020240909040333.f969626e and below * is unaffected.

Red Hat Directory Server 11.8 for RHEL 8:

Version 8090020240606122459.91529cd0 and below * is unaffected.

Red Hat Directory Server 11.9 for RHEL 8:

Version 8100020240604161237.37ed7c03 and below * is unaffected.

Red Hat Directory Server 12.2 EUS for RHEL 9:

Version 9020020240916150035.1674d574 and below * is unaffected.

Red Hat Directory Server 12.4 for RHEL 9:

Version 9040020240604143706.1674d574 and below * is unaffected.

Red Hat Enterprise Linux 7:

Version 0:1.3.11.1-5.el7_9 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 8100020240613122040.25e700aa and below * is unaffected.

Red Hat Enterprise Linux 8.8 Extended Update Support:

Version 8080020240807050952.6dbb3803 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:2.4.5-8.el9_4 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Extended Update Support:

Version 0:2.2.4-9.el9_2 and below * is unaffected.

Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 6:

Exploit Probability

EPSS

0.60%

Percentile

69.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

389 DS LDAP Crafted Query DoSCVE-2024-3657 Published on May 28, 2024

Vulnerability Analysis

Timeline

Weakness Type

Improper Input Validation

Products Associated with CVE-2024-3657

Affected Versions

Exploit Probability

389 DS LDAP Crafted Query DoS
CVE-2024-3657 Published on May 28, 2024