389DS Crash via Malformed userPassword Input
CVE-2024-8445 Published on September 5, 2024

389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Timeline

2024-09-05

Reported to Red Hat.

2024-09-05

Made public.

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2024-8445

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Rhel Els

Red Hat Directory Server

Red Hat Enterprise Linux (RHEL)

Exploit Probability

EPSS

0.08%

Percentile

24.32%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

389DS Crash via Malformed userPassword InputCVE-2024-8445 Published on September 5, 2024

Vulnerability Analysis

Timeline

Weakness Type

Improper Input Validation

Products Associated with CVE-2024-8445

Exploit Probability

389DS Crash via Malformed userPassword Input
CVE-2024-8445 Published on September 5, 2024