Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Red Hat Directory Server 12.4 for RHEL 9 by Red Hat

    CVE-2024-6237 (GCVE-0-2024-6237)

    Vulnerability from nvd – Published: 2024-07-09 16:39 – Updated: 2025-11-20 19:54
    VLAI
    Title
    389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request
    Summary
    A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-230 - Improper Handling of Missing Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.4.5 (semver)
    Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240723122852.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server:12.4::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-9.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11     cpe:/a:redhat:directory_server:11
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Date Public
    2024-07-09 16:03
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6237",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-13T20:16:20.543543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-13T20:16:27.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:33:05.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-6237"
              },
              {
                "name": "RHBZ#2293579",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/389ds/389-ds-base/issues/5989"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/389ds/389-ds-base",
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "versions": [
                {
                  "lessThan": "2.4.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9040020240723122852.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.5-9.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "unaffected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-07-09T16:03:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-230",
                  "description": "Improper Handling of Missing Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:54:11.313Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:4997",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4997"
            },
            {
              "name": "RHSA-2024:5192",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5192"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-6237"
            },
            {
              "name": "RHBZ#2293579",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579"
            },
            {
              "url": "https://github.com/389ds/389-ds-base/issues/5989"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-20T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-07-09T16:03:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-230: Improper Handling of Missing Values"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-6237",
        "datePublished": "2024-07-09T16:39:58.810Z",
        "dateReserved": "2024-06-21T02:32:34.022Z",
        "dateUpdated": "2025-11-20T19:54:11.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5953 (GCVE-0-2024-5953)

    Vulnerability from nvd – Published: 2024-06-18 10:01 – Updated: 2026-02-25 20:31
    VLAI
    Title
    389-ds-base: malformed userpassword hash may cause denial of service
    Summary
    A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:4633 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4997 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5192 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6153 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6569 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7458 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1632 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-5953 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2292104 issue-trackingx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2025…
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Directory Server 11.5 E4S for RHEL 8 Unaffected: 8060020250210084424.0ca98e7e , < * (rpm)
        cpe:/a:redhat:directory_server_e4s:11.5::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.7 for RHEL 8 Unaffected: 8080020240909040333.f969626e , < * (rpm)
        cpe:/a:redhat:directory_server:11.7::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.9 for RHEL 8 Unaffected: 8100020240902112955.37ed7c03 , < * (rpm)
        cpe:/a:redhat:directory_server:11.9::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.2 EUS for RHEL 9 Unaffected: 9020020240916150035.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server_eus:12.2::el9
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240723122852.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server:12.4::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.3.11.1-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240910065753.25e700aa , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020240807050952.6dbb3803 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-9.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.2.4-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2024-06-13 00:00
    Credits
    This issue was discovered by Têko Mihinto (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T13:32:13.391886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T13:33:04.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:56:21.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:4633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4633"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-5953"
              },
              {
                "name": "RHBZ#2292104",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/389ds/389-ds-base",
              "defaultStatus": "affected",
              "packageName": "389-ds-base"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_e4s:11.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8060020250210084424.0ca98e7e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.7::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.7 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240909040333.f969626e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.9 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240902112955.37ed7c03",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_eus:12.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.2 EUS for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9020020240916150035.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9040020240723122852.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.11.1-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240910065753.25e700aa",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240807050952.6dbb3803",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.5-9.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.4-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by T\u00eako Mihinto (Red Hat)."
            }
          ],
          "datePublic": "2024-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1288",
                  "description": "Improper Validation of Consistency within Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T20:31:51.523Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:4633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4633"
            },
            {
              "name": "RHSA-2024:4997",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4997"
            },
            {
              "name": "RHSA-2024:5192",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5192"
            },
            {
              "name": "RHSA-2024:5690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5690"
            },
            {
              "name": "RHSA-2024:6153",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6153"
            },
            {
              "name": "RHSA-2024:6568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6568"
            },
            {
              "name": "RHSA-2024:6569",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6569"
            },
            {
              "name": "RHSA-2024:6576",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6576"
            },
            {
              "name": "RHSA-2024:7458",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7458"
            },
            {
              "name": "RHSA-2025:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1632"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-5953"
            },
            {
              "name": "RHBZ#2292104",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-13T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-06-13T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: malformed userpassword hash may cause denial of service",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1288: Improper Validation of Consistency within Input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-5953",
        "datePublished": "2024-06-18T10:01:56.714Z",
        "dateReserved": "2024-06-13T04:20:35.951Z",
        "dateUpdated": "2026-02-25T20:31:51.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3657 (GCVE-0-2024-3657)

    Vulnerability from nvd – Published: 2024-05-28 12:53 – Updated: 2026-02-25 19:31
    VLAI
    Title
    389-ds-base: potential denial of service via specially crafted kerberos as-req request
    Summary
    A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:3591 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3837 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4092 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4235 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4633 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7458 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1632 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-3657 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2274401 issue-trackingx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2025…
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Directory Server 11.5 E4S for RHEL 8 Unaffected: 8060020250210084424.0ca98e7e , < * (rpm)
        cpe:/a:redhat:directory_server_e4s:11.5::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.7 for RHEL 8 Unaffected: 8080020240909040333.f969626e , < * (rpm)
        cpe:/a:redhat:directory_server:11.7::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.8 for RHEL 8 Unaffected: 8090020240606122459.91529cd0 , < * (rpm)
        cpe:/a:redhat:directory_server:11.8::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.9 for RHEL 8 Unaffected: 8100020240604161237.37ed7c03 , < * (rpm)
        cpe:/a:redhat:directory_server:11.9::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.2 EUS for RHEL 9 Unaffected: 9020020240916150035.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server_eus:12.2::el9
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240604143706.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server:12.4::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:1.3.11.1-5.el7_9 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:7::server
        cpe:/o:redhat:enterprise_linux:7::workstation
        cpe:/o:redhat:enterprise_linux:7::computenode
        cpe:/o:redhat:enterprise_linux:7::client
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240613122040.25e700aa , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020240807050952.6dbb3803 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-8.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.2.4-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2024-05-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3657",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-05T20:48:33.613730Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T20:49:13.347Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:37:48.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:3591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3591"
              },
              {
                "name": "RHSA-2024:3837",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3837"
              },
              {
                "name": "RHSA-2024:4092",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4092"
              },
              {
                "name": "RHSA-2024:4209",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4209"
              },
              {
                "name": "RHSA-2024:4210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4210"
              },
              {
                "name": "RHSA-2024:4235",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4235"
              },
              {
                "name": "RHSA-2024:4633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4633"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-3657"
              },
              {
                "name": "RHBZ#2274401",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_e4s:11.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8060020250210084424.0ca98e7e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.7::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.7 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240909040333.f969626e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.8 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8090020240606122459.91529cd0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.9 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240604161237.37ed7c03",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_eus:12.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.2 EUS for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9020020240916150035.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9040020240604143706.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::server",
                "cpe:/o:redhat:enterprise_linux:7::workstation",
                "cpe:/o:redhat:enterprise_linux:7::computenode",
                "cpe:/o:redhat:enterprise_linux:7::client"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.11.1-5.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240613122040.25e700aa",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240807050952.6dbb3803",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.5-8.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.4-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service"
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T19:31:07.103Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:3591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3591"
            },
            {
              "name": "RHSA-2024:3837",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3837"
            },
            {
              "name": "RHSA-2024:4092",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4092"
            },
            {
              "name": "RHSA-2024:4209",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4209"
            },
            {
              "name": "RHSA-2024:4210",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4210"
            },
            {
              "name": "RHSA-2024:4235",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4235"
            },
            {
              "name": "RHSA-2024:4633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4633"
            },
            {
              "name": "RHSA-2024:5690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5690"
            },
            {
              "name": "RHSA-2024:6576",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6576"
            },
            {
              "name": "RHSA-2024:7458",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7458"
            },
            {
              "name": "RHSA-2025:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1632"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-3657"
            },
            {
              "name": "RHBZ#2274401",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-28T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: potential denial of service via specially crafted kerberos as-req request",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-3657",
        "datePublished": "2024-05-28T12:53:03.399Z",
        "dateReserved": "2024-04-11T14:21:25.571Z",
        "dateUpdated": "2026-02-25T19:31:07.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-2199 (GCVE-0-2024-2199)

    Vulnerability from nvd – Published: 2024-05-28 12:04 – Updated: 2026-06-26 04:12
    VLAI
    Title
    389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
    Summary
    A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.1.1 (semver)
    Red Hat Red Hat Directory Server 11.5 E4S for RHEL 8 Unaffected: 8060020250210084424.0ca98e7e , < * (rpm)
        cpe:/a:redhat:directory_server_e4s:11.5::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.8 for RHEL 8 Unaffected: 8090020240606122459.91529cd0 , < * (rpm)
        cpe:/a:redhat:directory_server:11.8::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.9 for RHEL 8 Unaffected: 8100020240604161237.37ed7c03 , < * (rpm)
        cpe:/a:redhat:directory_server:11.9::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240604143706.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server:12.4::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:1.3.11.1-5.el7_9 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:7::client
        cpe:/o:redhat:enterprise_linux:7::computenode
        cpe:/o:redhat:enterprise_linux:7::server
        cpe:/o:redhat:enterprise_linux:7::workstation
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240613122040.25e700aa , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020240807050952.6dbb3803 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-8.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.2.4-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2024-05-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2199",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-28T15:52:25.507062Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:30:35.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:36:43.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:3591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3591"
              },
              {
                "name": "RHSA-2024:3837",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3837"
              },
              {
                "name": "RHSA-2024:4092",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4092"
              },
              {
                "name": "RHSA-2024:4209",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4209"
              },
              {
                "name": "RHSA-2024:4210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4210"
              },
              {
                "name": "RHSA-2024:4235",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4235"
              },
              {
                "name": "RHSA-2024:4633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4633"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-2199"
              },
              {
                "name": "RHBZ#2267976",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267976"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/389ds/389-ds-base",
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "versions": [
                {
                  "lessThan": "3.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_e4s:11.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8060020250210084424.0ca98e7e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.8 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8090020240606122459.91529cd0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.9 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240604161237.37ed7c03",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9040020240604143706.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::client",
                "cpe:/o:redhat:enterprise_linux:7::computenode",
                "cpe:/o:redhat:enterprise_linux:7::server",
                "cpe:/o:redhat:enterprise_linux:7::workstation"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.11.1-5.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240613122040.25e700aa",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240807050952.6dbb3803",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.5-8.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.4-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T04:12:26.130Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:3591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3591"
            },
            {
              "name": "RHSA-2024:3837",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3837"
            },
            {
              "name": "RHSA-2024:4092",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4092"
            },
            {
              "name": "RHSA-2024:4209",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4209"
            },
            {
              "name": "RHSA-2024:4210",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4210"
            },
            {
              "name": "RHSA-2024:4235",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4235"
            },
            {
              "name": "RHSA-2024:4633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4633"
            },
            {
              "name": "RHSA-2024:5690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5690"
            },
            {
              "name": "RHSA-2025:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1632"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-2199"
            },
            {
              "name": "RHBZ#2267976",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267976"
            },
            {
              "url": "https://www.port389.org/docs/389ds/releases/release-3-1-1.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-28T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-2199",
        "datePublished": "2024-05-28T12:04:07.401Z",
        "dateReserved": "2024-03-05T18:54:52.210Z",
        "dateUpdated": "2026-06-26T04:12:26.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6237 (GCVE-0-2024-6237)

    Vulnerability from cvelistv5 – Published: 2024-07-09 16:39 – Updated: 2025-11-20 19:54
    VLAI
    Title
    389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request
    Summary
    A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-230 - Improper Handling of Missing Values
    Assigner
    References
    Impacted products
    Vendor Product Version
    Affected: 0 , < 2.4.5 (semver)
    Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240723122852.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server:12.4::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-9.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11     cpe:/a:redhat:directory_server:11
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Date Public
    2024-07-09 16:03
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6237",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-13T20:16:20.543543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-13T20:16:27.843Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:33:05.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-6237"
              },
              {
                "name": "RHBZ#2293579",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/389ds/389-ds-base/issues/5989"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/389ds/389-ds-base",
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "versions": [
                {
                  "lessThan": "2.4.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9040020240723122852.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.5-9.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11"
              ],
              "defaultStatus": "unaffected",
              "packageName": "redhat-ds:11/389-ds-base",
              "product": "Red Hat Directory Server 11",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds:1.4/389-ds-base",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-07-09T16:03:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-230",
                  "description": "Improper Handling of Missing Values",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T19:54:11.313Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:4997",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4997"
            },
            {
              "name": "RHSA-2024:5192",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5192"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-6237"
            },
            {
              "name": "RHBZ#2293579",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579"
            },
            {
              "url": "https://github.com/389ds/389-ds-base/issues/5989"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-20T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-07-09T16:03:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_redhatCweChain": "CWE-230: Improper Handling of Missing Values"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-6237",
        "datePublished": "2024-07-09T16:39:58.810Z",
        "dateReserved": "2024-06-21T02:32:34.022Z",
        "dateUpdated": "2025-11-20T19:54:11.313Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5953 (GCVE-0-2024-5953)

    Vulnerability from cvelistv5 – Published: 2024-06-18 10:01 – Updated: 2026-02-25 20:31
    VLAI
    Title
    389-ds-base: malformed userpassword hash may cause denial of service
    Summary
    A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:4633 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4997 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5192 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6153 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6568 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6569 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7458 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1632 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-5953 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2292104 issue-trackingx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2025…
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Directory Server 11.5 E4S for RHEL 8 Unaffected: 8060020250210084424.0ca98e7e , < * (rpm)
        cpe:/a:redhat:directory_server_e4s:11.5::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.7 for RHEL 8 Unaffected: 8080020240909040333.f969626e , < * (rpm)
        cpe:/a:redhat:directory_server:11.7::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.9 for RHEL 8 Unaffected: 8100020240902112955.37ed7c03 , < * (rpm)
        cpe:/a:redhat:directory_server:11.9::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.2 EUS for RHEL 9 Unaffected: 9020020240916150035.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server_eus:12.2::el9
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240723122852.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server:12.4::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:1.3.11.1-6.el7_9 , < * (rpm)
        cpe:/o:redhat:rhel_els:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240910065753.25e700aa , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020240807050952.6dbb3803 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-9.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::crb
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.2.4-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2024-06-13 00:00
    Credits
    This issue was discovered by Têko Mihinto (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T13:32:13.391886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T13:33:04.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:56:21.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:4633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4633"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-5953"
              },
              {
                "name": "RHBZ#2292104",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/389ds/389-ds-base",
              "defaultStatus": "affected",
              "packageName": "389-ds-base"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_e4s:11.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8060020250210084424.0ca98e7e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.7::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.7 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240909040333.f969626e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.9 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240902112955.37ed7c03",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_eus:12.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.2 EUS for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9020020240916150035.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9040020240723122852.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:rhel_els:7"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.11.1-6.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240910065753.25e700aa",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240807050952.6dbb3803",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::crb",
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.5-9.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.4-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by T\u00eako Mihinto (Red Hat)."
            }
          ],
          "datePublic": "2024-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1288",
                  "description": "Improper Validation of Consistency within Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T20:31:51.523Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:4633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4633"
            },
            {
              "name": "RHSA-2024:4997",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4997"
            },
            {
              "name": "RHSA-2024:5192",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5192"
            },
            {
              "name": "RHSA-2024:5690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5690"
            },
            {
              "name": "RHSA-2024:6153",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6153"
            },
            {
              "name": "RHSA-2024:6568",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6568"
            },
            {
              "name": "RHSA-2024:6569",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6569"
            },
            {
              "name": "RHSA-2024:6576",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6576"
            },
            {
              "name": "RHSA-2024:7458",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7458"
            },
            {
              "name": "RHSA-2025:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1632"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-5953"
            },
            {
              "name": "RHBZ#2292104",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-13T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-06-13T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: malformed userpassword hash may cause denial of service",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1288: Improper Validation of Consistency within Input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-5953",
        "datePublished": "2024-06-18T10:01:56.714Z",
        "dateReserved": "2024-06-13T04:20:35.951Z",
        "dateUpdated": "2026-02-25T20:31:51.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3657 (GCVE-0-2024-3657)

    Vulnerability from cvelistv5 – Published: 2024-05-28 12:53 – Updated: 2026-02-25 19:31
    VLAI
    Title
    389-ds-base: potential denial of service via specially crafted kerberos as-req request
    Summary
    A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:3591 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:3837 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4092 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4209 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4210 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4235 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:4633 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:5690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:6576 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2024:7458 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:1632 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2024-3657 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2274401 issue-trackingx_refsource_REDHAT
    https://lists.debian.org/debian-lts-announce/2025…
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Directory Server 11.5 E4S for RHEL 8 Unaffected: 8060020250210084424.0ca98e7e , < * (rpm)
        cpe:/a:redhat:directory_server_e4s:11.5::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.7 for RHEL 8 Unaffected: 8080020240909040333.f969626e , < * (rpm)
        cpe:/a:redhat:directory_server:11.7::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.8 for RHEL 8 Unaffected: 8090020240606122459.91529cd0 , < * (rpm)
        cpe:/a:redhat:directory_server:11.8::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.9 for RHEL 8 Unaffected: 8100020240604161237.37ed7c03 , < * (rpm)
        cpe:/a:redhat:directory_server:11.9::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.2 EUS for RHEL 9 Unaffected: 9020020240916150035.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server_eus:12.2::el9
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240604143706.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server:12.4::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:1.3.11.1-5.el7_9 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:7::server
        cpe:/o:redhat:enterprise_linux:7::workstation
        cpe:/o:redhat:enterprise_linux:7::computenode
        cpe:/o:redhat:enterprise_linux:7::client
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240613122040.25e700aa , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020240807050952.6dbb3803 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-8.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.2.4-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2024-05-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3657",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-05T20:48:33.613730Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T20:49:13.347Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:37:48.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:3591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3591"
              },
              {
                "name": "RHSA-2024:3837",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3837"
              },
              {
                "name": "RHSA-2024:4092",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4092"
              },
              {
                "name": "RHSA-2024:4209",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4209"
              },
              {
                "name": "RHSA-2024:4210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4210"
              },
              {
                "name": "RHSA-2024:4235",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4235"
              },
              {
                "name": "RHSA-2024:4633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4633"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-3657"
              },
              {
                "name": "RHBZ#2274401",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_e4s:11.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8060020250210084424.0ca98e7e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.7::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.7 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240909040333.f969626e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.8 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8090020240606122459.91529cd0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.9 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240604161237.37ed7c03",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_eus:12.2::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.2 EUS for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9020020240916150035.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9040020240604143706.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::server",
                "cpe:/o:redhat:enterprise_linux:7::workstation",
                "cpe:/o:redhat:enterprise_linux:7::computenode",
                "cpe:/o:redhat:enterprise_linux:7::client"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.11.1-5.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240613122040.25e700aa",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240807050952.6dbb3803",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.5-8.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.4-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service"
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T19:31:07.103Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:3591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3591"
            },
            {
              "name": "RHSA-2024:3837",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3837"
            },
            {
              "name": "RHSA-2024:4092",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4092"
            },
            {
              "name": "RHSA-2024:4209",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4209"
            },
            {
              "name": "RHSA-2024:4210",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4210"
            },
            {
              "name": "RHSA-2024:4235",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4235"
            },
            {
              "name": "RHSA-2024:4633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4633"
            },
            {
              "name": "RHSA-2024:5690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5690"
            },
            {
              "name": "RHSA-2024:6576",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:6576"
            },
            {
              "name": "RHSA-2024:7458",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:7458"
            },
            {
              "name": "RHSA-2025:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1632"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-3657"
            },
            {
              "name": "RHBZ#2274401",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-28T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: potential denial of service via specially crafted kerberos as-req request",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-3657",
        "datePublished": "2024-05-28T12:53:03.399Z",
        "dateReserved": "2024-04-11T14:21:25.571Z",
        "dateUpdated": "2026-02-25T19:31:07.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-2199 (GCVE-0-2024-2199)

    Vulnerability from cvelistv5 – Published: 2024-05-28 12:04 – Updated: 2026-06-26 04:12
    VLAI
    Title
    389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
    Summary
    A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 3.1.1 (semver)
    Red Hat Red Hat Directory Server 11.5 E4S for RHEL 8 Unaffected: 8060020250210084424.0ca98e7e , < * (rpm)
        cpe:/a:redhat:directory_server_e4s:11.5::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.8 for RHEL 8 Unaffected: 8090020240606122459.91529cd0 , < * (rpm)
        cpe:/a:redhat:directory_server:11.8::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 11.9 for RHEL 8 Unaffected: 8100020240604161237.37ed7c03 , < * (rpm)
        cpe:/a:redhat:directory_server:11.9::el8
    Create a notification for this product.
    Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240604143706.1674d574 , < * (rpm)
        cpe:/a:redhat:directory_server:12.4::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:1.3.11.1-5.el7_9 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:7::client
        cpe:/o:redhat:enterprise_linux:7::computenode
        cpe:/o:redhat:enterprise_linux:7::server
        cpe:/o:redhat:enterprise_linux:7::workstation
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240613122040.25e700aa , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020240807050952.6dbb3803 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-8.el9_4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
        cpe:/a:redhat:enterprise_linux:9::crb
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.2.4-9.el9_2 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Date Public
    2024-05-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2199",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-28T15:52:25.507062Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:30:35.441Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:36:43.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:3591",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3591"
              },
              {
                "name": "RHSA-2024:3837",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3837"
              },
              {
                "name": "RHSA-2024:4092",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4092"
              },
              {
                "name": "RHSA-2024:4209",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4209"
              },
              {
                "name": "RHSA-2024:4210",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4210"
              },
              {
                "name": "RHSA-2024:4235",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4235"
              },
              {
                "name": "RHSA-2024:4633",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4633"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-2199"
              },
              {
                "name": "RHBZ#2267976",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267976"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/389ds/389-ds-base",
              "defaultStatus": "unaffected",
              "packageName": "389-ds-base",
              "versions": [
                {
                  "lessThan": "3.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server_e4s:11.5::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8060020250210084424.0ca98e7e",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.8 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8090020240606122459.91529cd0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:11.9::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:11",
              "product": "Red Hat Directory Server 11.9 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240604161237.37ed7c03",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:directory_server:12.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-ds:12",
              "product": "Red Hat Directory Server 12.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "9040020240604143706.1674d574",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::client",
                "cpe:/o:redhat:enterprise_linux:7::computenode",
                "cpe:/o:redhat:enterprise_linux:7::server",
                "cpe:/o:redhat:enterprise_linux:7::workstation"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.3.11.1-5.el7_9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8100020240613122040.25e700aa",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds:1.4",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "8080020240807050952.6dbb3803",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream",
                "cpe:/a:redhat:enterprise_linux:9::crb"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.4.5-8.el9_4",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.4-9.el9_2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "389-ds-base",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T04:12:26.130Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:3591",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3591"
            },
            {
              "name": "RHSA-2024:3837",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3837"
            },
            {
              "name": "RHSA-2024:4092",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4092"
            },
            {
              "name": "RHSA-2024:4209",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4209"
            },
            {
              "name": "RHSA-2024:4210",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4210"
            },
            {
              "name": "RHSA-2024:4235",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4235"
            },
            {
              "name": "RHSA-2024:4633",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4633"
            },
            {
              "name": "RHSA-2024:5690",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:5690"
            },
            {
              "name": "RHSA-2025:1632",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2025:1632"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-2199"
            },
            {
              "name": "RHBZ#2267976",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267976"
            },
            {
              "url": "https://www.port389.org/docs/389ds/releases/release-3-1-1.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-05T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-28T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-20: Improper Input Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-2199",
        "datePublished": "2024-05-28T12:04:07.401Z",
        "dateReserved": "2024-03-05T18:54:52.210Z",
        "dateUpdated": "2026-06-26T04:12:26.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }