Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-2850 (GCVE-0-2022-2850)
Vulnerability from cvelistv5 – Published: 2022-10-14 00:00 – Updated: 2025-11-03 20:34
VLAI
EPSS
Summary
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- denial of service
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 389-ds-base |
Affected:
389-ds-base-2.0.x+
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:34:50.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2850",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T15:06:25.646319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T15:06:55.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "389-ds-base-2.0.x+"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T08:06:23.001Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2850",
"datePublished": "2022-10-14T00:00:00.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:34:50.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-2850",
"date": "2026-06-05",
"epss": "0.00355",
"percentile": "0.58126"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-2850\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-10-14T18:15:14.980\",\"lastModified\":\"2025-11-03T21:15:52.280\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en 389-ds-base. Cuando el plugin de sincronizaci\u00f3n de contenidos est\u00e1 habilitado, un usuario autenticado puede llegar a una desreferencia de puntero NULL usando una consulta especialmente dise\u00f1ada. Este fallo permite a un atacante autenticado causar una denegaci\u00f3n de servicio. Esta CVE est\u00e1 asignada a una correcci\u00f3n incompleta de CVE-2021-3514\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:directory_server:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A169F6D-88A5-4631-9D30-519350ACFE6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3DAF61A-58A9-41A6-A4DC-64148055B0C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:port389:389-ds-base:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.4.1\",\"matchCriteriaId\":\"054799AD-A5F0-4A96-AE9F-6C902CD5D1C7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-2850\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-2850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-2850\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:34:50.179Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-2850\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-15T15:06:25.646319Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-15T15:06:51.911Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"389-ds-base\", \"versions\": [{\"status\": \"affected\", \"version\": \"389-ds-base-2.0.x+\"}]}], \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-2850\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"denial of service\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2023-04-24T08:06:23.001Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-2850\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:34:50.179Z\", \"dateReserved\": \"2022-08-16T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2022-10-14T00:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2022:8886
Vulnerability from csaf_redhat - Published: 2022-12-07 11:55 - Updated: 2025-11-21 18:35Summary
Red Hat Security Advisory: redhat-ds:11 security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.5 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.
Security Fix(es):
* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* broken nsslapd-subtree-rename-switch option in rhds11 (BZ#2098140)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.5:python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
11 references
Acknowledgments
Red Hat
Viktor Ashirov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.5 for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.\n\nSecurity Fix(es):\n\n* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* broken nsslapd-subtree-rename-switch option in rhds11 (BZ#2098140)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8886",
"url": "https://access.redhat.com/errata/RHSA-2022:8886"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-2850",
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#",
"url": "https://access.redhat.com/security/updates/classification/#"
},
{
"category": "external",
"summary": "2098140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098140"
},
{
"category": "external",
"summary": "2118691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8886.json"
}
],
"title": "Red Hat Security Advisory: redhat-ds:11 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T18:35:35+00:00",
"generator": {
"date": "2025-11-21T18:35:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2022:8886",
"initial_release_date": "2022-12-07T11:55:58+00:00",
"revision_history": [
{
"date": "2022-12-07T11:55:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-07T11:55:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:35:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Directory Server 11.5 for RHEL 8",
"product": {
"name": "Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:directory_server:11.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Directory Server"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src::redhat-ds:11",
"product": {
"name": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src (redhat-ds:11)",
"product_id": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=src\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-devel@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools-debuginfo@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=x86_64\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11",
"product": {
"name": "cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch (redhat-ds:11)",
"product_id": "cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-389-ds@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=noarch\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
},
{
"category": "product_version",
"name": "python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11",
"product": {
"name": "python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch (redhat-ds:11)",
"product_id": "python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-lib389@1.4.3.29-7.module%2Bel8dsrv%2B17334%2B74991258?arch=noarch\u0026rpmmod=redhat-ds:11:8060020221122205230:0ca98e7e"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src::redhat-ds:11"
},
"product_reference": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11"
},
"product_reference": "cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch (redhat-ds:11) as a component of Red Hat Directory Server 11.5 for RHEL 8",
"product_id": "8Base-DirSrv-11.5:python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11"
},
"product_reference": "python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Viktor Ashirov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-2850",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2118691"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "389-ds-base: SIGSEGV in sync_repl",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is assigned against an incomplete fix of CVE-2021-3514.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11",
"8Base-DirSrv-11.5:python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"category": "external",
"summary": "RHBZ#2118691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2850"
}
],
"release_date": "2022-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-07T11:55:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in\nthis advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11",
"8Base-DirSrv-11.5:python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8886"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.src::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-debugsource-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-devel-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-legacy-tools-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-legacy-tools-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-libs-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-libs-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-snmp-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:389-ds-base-snmp-debuginfo-0:1.4.3.29-7.module+el8dsrv+17334+74991258.x86_64::redhat-ds:11",
"8Base-DirSrv-11.5:cockpit-389-ds-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11",
"8Base-DirSrv-11.5:python3-lib389-0:1.4.3.29-7.module+el8dsrv+17334+74991258.noarch::redhat-ds:11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "389-ds-base: SIGSEGV in sync_repl"
}
]
}
RHSA-2022:8976
Vulnerability from csaf_redhat - Published: 2022-12-13 16:09 - Updated: 2026-04-06 07:55Summary
Red Hat Security Advisory: 389-ds-base security update
Severity
Moderate
Notes
Topic: An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Security Fix(es):
* 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)
* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)
* 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection. No bind or other authentication is required. This message triggers a segmentation fault that results in slapd crashing.
7.5 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication.
5.7 (Medium)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service.
6.5 (Medium)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
18 references
Acknowledgments
Nathan Mulbrook
Red Hat
Matthew Burket
Red Hat
Viktor Ashirov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.\n\nSecurity Fix(es):\n\n* 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)\n\n* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)\n\n* 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8976",
"url": "https://access.redhat.com/errata/RHSA-2022:8976"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2055815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815"
},
{
"category": "external",
"summary": "2064769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"category": "external",
"summary": "2118691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8976.json"
}
],
"title": "Red Hat Security Advisory: 389-ds-base security update",
"tracking": {
"current_release_date": "2026-04-06T07:55:45+00:00",
"generator": {
"date": "2026-04-06T07:55:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2022:8976",
"initial_release_date": "2022-12-13T16:09:00+00:00",
"revision_history": [
{
"date": "2022-12-13T16:09:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-13T16:09:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-06T07:55:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:2.0.14-3.el9_0.src",
"product": {
"name": "389-ds-base-0:2.0.14-3.el9_0.src",
"product_id": "389-ds-base-0:2.0.14-3.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@2.0.14-3.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:2.0.14-3.el9_0.aarch64",
"product": {
"name": "389-ds-base-0:2.0.14-3.el9_0.aarch64",
"product_id": "389-ds-base-0:2.0.14-3.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@2.0.14-3.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"product": {
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"product_id": "389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@2.0.14-3.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"product": {
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"product_id": "389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@2.0.14-3.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"product": {
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"product_id": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@2.0.14-3.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"product": {
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"product_id": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@2.0.14-3.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"product_id": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@2.0.14-3.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"product": {
"name": "389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"product_id": "389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@2.0.14-3.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"product": {
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"product_id": "389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@2.0.14-3.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"product": {
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"product_id": "389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@2.0.14-3.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"product": {
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"product_id": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@2.0.14-3.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"product": {
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"product_id": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@2.0.14-3.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"product_id": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@2.0.14-3.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:2.0.14-3.el9_0.x86_64",
"product": {
"name": "389-ds-base-0:2.0.14-3.el9_0.x86_64",
"product_id": "389-ds-base-0:2.0.14-3.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@2.0.14-3.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"product": {
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"product_id": "389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@2.0.14-3.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"product": {
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"product_id": "389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@2.0.14-3.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"product": {
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"product_id": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@2.0.14-3.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"product": {
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"product_id": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@2.0.14-3.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"product_id": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@2.0.14-3.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:2.0.14-3.el9_0.s390x",
"product": {
"name": "389-ds-base-0:2.0.14-3.el9_0.s390x",
"product_id": "389-ds-base-0:2.0.14-3.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@2.0.14-3.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"product": {
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"product_id": "389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@2.0.14-3.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"product": {
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"product_id": "389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@2.0.14-3.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"product": {
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"product_id": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@2.0.14-3.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"product": {
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"product_id": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@2.0.14-3.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"product_id": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@2.0.14-3.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-lib389-0:2.0.14-3.el9_0.noarch",
"product": {
"name": "python3-lib389-0:2.0.14-3.el9_0.noarch",
"product_id": "python3-lib389-0:2.0.14-3.el9_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-lib389@2.0.14-3.el9_0?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:2.0.14-3.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64"
},
"product_reference": "389-ds-base-0:2.0.14-3.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:2.0.14-3.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le"
},
"product_reference": "389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:2.0.14-3.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x"
},
"product_reference": "389-ds-base-0:2.0.14-3.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:2.0.14-3.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src"
},
"product_reference": "389-ds-base-0:2.0.14-3.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:2.0.14-3.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64"
},
"product_reference": "389-ds-base-0:2.0.14-3.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64"
},
"product_reference": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le"
},
"product_reference": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x"
},
"product_reference": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64"
},
"product_reference": "389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64"
},
"product_reference": "389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le"
},
"product_reference": "389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x"
},
"product_reference": "389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64"
},
"product_reference": "389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64"
},
"product_reference": "389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le"
},
"product_reference": "389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x"
},
"product_reference": "389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:2.0.14-3.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64"
},
"product_reference": "389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64"
},
"product_reference": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le"
},
"product_reference": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x"
},
"product_reference": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64"
},
"product_reference": "389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-lib389-0:2.0.14-3.el9_0.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
},
"product_reference": "python3-lib389-0:2.0.14-3.el9_0.noarch",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Nathan Mulbrook"
]
},
{
"names": [
"Matthew Burket"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-0918",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055815"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection. No bind or other authentication is required. This message triggers a segmentation fault that results in slapd crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "389-ds-base: sending crafted message could result in DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0918"
},
{
"category": "external",
"summary": "RHBZ#2055815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0918"
}
],
"release_date": "2022-03-16T05:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-13T16:09:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the 389 server service will be restarted automatically.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8976"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "389-ds-base: sending crafted message could result in DoS"
},
{
"cve": "CVE-2022-0996",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064769"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "389-ds-base: expired password was still allowed to access the database",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0996"
},
{
"category": "external",
"summary": "RHBZ#2064769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0996"
}
],
"release_date": "2022-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-13T16:09:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the 389 server service will be restarted automatically.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8976"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "389-ds-base: expired password was still allowed to access the database"
},
{
"acknowledgments": [
{
"names": [
"Viktor Ashirov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-2850",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2118691"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "389-ds-base: SIGSEGV in sync_repl",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is assigned against an incomplete fix of CVE-2021-3514.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"category": "external",
"summary": "RHBZ#2118691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2850"
}
],
"release_date": "2022-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-13T16:09:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the 389 server service will be restarted automatically.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8976"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.src",
"AppStream-9.0.0.Z.EUS:389-ds-base-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-debugsource-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-libs-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:389-ds-base-snmp-debuginfo-0:2.0.14-3.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:python3-lib389-0:2.0.14-3.el9_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "389-ds-base: SIGSEGV in sync_repl"
}
]
}
RHSA-2023:0479
Vulnerability from csaf_redhat - Published: 2023-01-26 17:15 - Updated: 2025-11-21 18:37Summary
Red Hat Security Advisory: redhat-ds:12 security update
Severity
Moderate
Notes
Topic: An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.0 for RHEL 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.
Security Fix(es):
* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service.
6.5 (Medium)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-DirSrv-12.0:python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
8 references
Acknowledgments
Red Hat
Viktor Ashirov
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.0 for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.\n\nSecurity Fix(es):\n\n* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0479",
"url": "https://access.redhat.com/errata/RHSA-2023:0479"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2118691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0479.json"
}
],
"title": "Red Hat Security Advisory: redhat-ds:12 security update",
"tracking": {
"current_release_date": "2025-11-21T18:37:12+00:00",
"generator": {
"date": "2025-11-21T18:37:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:0479",
"initial_release_date": "2023-01-26T17:15:28+00:00",
"revision_history": [
{
"date": "2023-01-26T17:15:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-26T17:15:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:37:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Directory Server 12.0 for RHEL 9",
"product": {
"name": "Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:directory_server:12::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Directory Server"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src::redhat-ds:12",
"product": {
"name": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src (redhat-ds:12)",
"product_id": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=src\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product": {
"name": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12)",
"product_id": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=x86_64\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product": {
"name": "389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12)",
"product_id": "389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=x86_64\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product": {
"name": "389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12)",
"product_id": "389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=x86_64\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product": {
"name": "389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12)",
"product_id": "389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-devel@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=x86_64\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product": {
"name": "389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12)",
"product_id": "389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=x86_64\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product": {
"name": "389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12)",
"product_id": "389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=x86_64\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product": {
"name": "389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12)",
"product_id": "389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=x86_64\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12)",
"product_id": "389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=x86_64\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12",
"product": {
"name": "cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch (redhat-ds:12)",
"product_id": "cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-389-ds@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=noarch\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
},
{
"category": "product_version",
"name": "python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12",
"product": {
"name": "python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch (redhat-ds:12)",
"product_id": "python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-lib389@2.0.18-3.module%2Bel9dsrv%2B17947%2B6e05a0b8?arch=noarch\u0026rpmmod=redhat-ds:12:9000020230124175804:fd05c7f4"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src::redhat-ds:12"
},
"product_reference": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12"
},
"product_reference": "389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12"
},
"product_reference": "389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12"
},
"product_reference": "389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12"
},
"product_reference": "389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12"
},
"product_reference": "389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12"
},
"product_reference": "389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12"
},
"product_reference": "389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64 (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12"
},
"product_reference": "cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch (redhat-ds:12) as a component of Red Hat Directory Server 12.0 for RHEL 9",
"product_id": "9Base-DirSrv-12.0:python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12"
},
"product_reference": "python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12",
"relates_to_product_reference": "9Base-DirSrv-12.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Viktor Ashirov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-2850",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-08-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2118691"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "389-ds-base: SIGSEGV in sync_repl",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is assigned against an incomplete fix of CVE-2021-3514.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12",
"9Base-DirSrv-12.0:python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"category": "external",
"summary": "RHBZ#2118691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2850"
}
],
"release_date": "2022-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-26T17:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12",
"9Base-DirSrv-12.0:python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0479"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.src::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-debugsource-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-devel-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-libs-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-libs-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-snmp-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:389-ds-base-snmp-debuginfo-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64::redhat-ds:12",
"9Base-DirSrv-12.0:cockpit-389-ds-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12",
"9Base-DirSrv-12.0:python3-lib389-0:2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch::redhat-ds:12"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "389-ds-base: SIGSEGV in sync_repl"
}
]
}
SUSE-SU-2022:3029-1
Vulnerability from csaf_suse - Published: 2022-09-05 14:41 - Updated: 2022-09-05 14:41Summary
Security update for 389-ds
Severity
Moderate
Notes
Title of the patch: Security update for 389-ds
Description of the patch: This update for 389-ds fixes the following issues:
- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).
Non-security fixes:
- Update to version 1.4.4.19~git46.c900a28c8:
* CI - makes replication/acceptance_test.py::test_modify_entry more robust
* UI - LDAP Editor is not updated when we switch instances
- Improvements to openldap import with password policy present (bsc#1199908)
- Update to version 1.4.4.19~git43.8ba2ea21f:
* fix covscan
* BUG - pid file handling
* Memory leak in slapi_ldap_get_lderrno
* Need a compatibility option about sub suffix handling
* Release tarballs don't contain cockpit webapp
* Replication broken after password change
* Harden ReplicationManager.wait_for_replication
* dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'
* CLI - dsconf backend export breaks with multiple backends
* CLI - improve task handling
Patchnames: SUSE-2022-3029,SUSE-SLE-Module-Server-Applications-15-SP3-2022-3029,openSUSE-SLE-15.3-2022-3029
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds fixes the following issues:\n\n- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).\n\nNon-security fixes:\n\n- Update to version 1.4.4.19~git46.c900a28c8:\n * CI - makes replication/acceptance_test.py::test_modify_entry more robust\n * UI - LDAP Editor is not updated when we switch instances\n- Improvements to openldap import with password policy present (bsc#1199908)\n- Update to version 1.4.4.19~git43.8ba2ea21f:\n * fix covscan\n * BUG - pid file handling\n * Memory leak in slapi_ldap_get_lderrno\n * Need a compatibility option about sub suffix handling\n * Release tarballs don\u0027t contain cockpit webapp\n * Replication broken after password change\n * Harden ReplicationManager.wait_for_replication\n * dscontainer: TypeError: unsupported operand type(s) for /: \u0027str\u0027 and \u0027int\u0027\n * CLI - dsconf backend export breaks with multiple backends\n * CLI - improve task handling\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3029,SUSE-SLE-Module-Server-Applications-15-SP3-2022-3029,openSUSE-SLE-15.3-2022-3029",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3029-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3029-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223029-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3029-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012079.html"
},
{
"category": "self",
"summary": "SUSE Bug 1199908",
"url": "https://bugzilla.suse.com/1199908"
},
{
"category": "self",
"summary": "SUSE Bug 1202470",
"url": "https://bugzilla.suse.com/1202470"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2850 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2850/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2022-09-05T14:41:44Z",
"generator": {
"date": "2022-09-05T14:41:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3029-1",
"initial_release_date": "2022-09-05T14:41:44Z",
"revision_history": [
{
"date": "2022-09-05T14:41:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2850"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2850",
"url": "https://www.suse.com/security/cve/CVE-2022-2850"
},
{
"category": "external",
"summary": "SUSE Bug 1202470 for CVE-2022-2850",
"url": "https://bugzilla.suse.com/1202470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-05T14:41:44Z",
"details": "moderate"
}
],
"title": "CVE-2022-2850"
}
]
}
SUSE-SU-2022:3286-1
Vulnerability from csaf_suse - Published: 2022-09-16 07:08 - Updated: 2022-09-16 07:08Summary
Security update for 389-ds
Severity
Moderate
Notes
Title of the patch: Security update for 389-ds
Description of the patch: This update for 389-ds fixes the following issues:
- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).
Non-security fixes:
- Update to version 2.0.16~git20.219f047ae:
* Fix missing 'not' in description
* CI - makes replication/acceptance_test.py::test_modify_entry more robust
* fix repl keep alive event interval
* Sync_repl may crash while managing invalid cookie
* Hostname when set to localhost causing failures in other tests
* lib389 - do not set backend name to lowercase
* keep alive update event starts too soon
* Fix various memory leaks
* UI - LDAP Editor is not updated when we switch instances
* Supplier should do periodic updates
- Update sudoers schema to support UTF-8 (bsc#1197998)
- Update to version 2.0.16~git9.e2a858a86:
* UI - Various fixes and RFE's for UI
* Remove problematic language from source code
* CI - disable TLS hostname checking
* Update npm and cargo packages
* Support ECDSA private keys for TLS
Patchnames: SUSE-2022-3286,SUSE-SLE-Module-Server-Applications-15-SP4-2022-3286,openSUSE-SLE-15.4-2022-3286
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds fixes the following issues:\n\n- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).\n\nNon-security fixes:\n\n- Update to version 2.0.16~git20.219f047ae:\n * Fix missing \u0027not\u0027 in description\n * CI - makes replication/acceptance_test.py::test_modify_entry more robust\n * fix repl keep alive event interval\n * Sync_repl may crash while managing invalid cookie\n * Hostname when set to localhost causing failures in other tests\n * lib389 - do not set backend name to lowercase\n * keep alive update event starts too soon\n * Fix various memory leaks\n * UI - LDAP Editor is not updated when we switch instances\n * Supplier should do periodic updates\n- Update sudoers schema to support UTF-8 (bsc#1197998)\n- Update to version 2.0.16~git9.e2a858a86:\n * UI - Various fixes and RFE\u0027s for UI\n * Remove problematic language from source code\n * CI - disable TLS hostname checking\n * Update npm and cargo packages\n * Support ECDSA private keys for TLS\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3286,SUSE-SLE-Module-Server-Applications-15-SP4-2022-3286,openSUSE-SLE-15.4-2022-3286",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3286-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3286-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223286-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3286-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012268.html"
},
{
"category": "self",
"summary": "SUSE Bug 1197998",
"url": "https://bugzilla.suse.com/1197998"
},
{
"category": "self",
"summary": "SUSE Bug 1202470",
"url": "https://bugzilla.suse.com/1202470"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2850 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2850/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2022-09-16T07:08:59Z",
"generator": {
"date": "2022-09-16T07:08:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3286-1",
"initial_release_date": "2022-09-16T07:08:59Z",
"revision_history": [
{
"date": "2022-09-16T07:08:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2850"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2850",
"url": "https://www.suse.com/security/cve/CVE-2022-2850"
},
{
"category": "external",
"summary": "SUSE Bug 1202470 for CVE-2022-2850",
"url": "https://bugzilla.suse.com/1202470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-16T07:08:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-2850"
}
]
}
WID-SEC-W-2022-1858
Vulnerability from csaf_certbund - Published: 2022-10-25 22:00 - Updated: 2025-01-20 23:00Summary
Red Hat Enterprise Linux (389-ds-base): Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux in der Komponente "389-ds-base" ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Es besteht eine Schwachstelle in Red Hat Enterprise Linux in der Komponente "389-ds-base", wenn das Plugin "Content Synchronization" aktiviert ist. Ein authentifizierter Angreifer kann mit einer speziell gestalteten Abfrage eine NULL-Zeiger-Dereferenz auslösen, um einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
References
14 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux in der Komponente \"389-ds-base\" ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1858 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1858.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1858 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1858"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-25",
"url": "https://access.redhat.com/errata/RHSA-2022:7087"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-25",
"url": "https://access.redhat.com/errata/RHSA-2022:7133"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory vom 2022-10-25",
"url": "https://linux.oracle.com/errata/ELSA-2022-7087.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7133 vom 2022-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2022-7133.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:7087 vom 2022-10-26",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-October/073639.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8162 vom 2022-11-15",
"url": "https://access.redhat.com/errata/RHSA-2022:8162"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8680 vom 2022-11-29",
"url": "https://access.redhat.com/errata/RHSA-2022:8680"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1879 vom 2022-12-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1879.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8886 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8886"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8976 vom 2022-12-13",
"url": "https://access.redhat.com/errata/RHSA-2022:8976"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0479 vom 2023-01-26",
"url": "https://access.redhat.com/errata/RHSA-2023:0479"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4021 vom 2025-01-20",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (389-ds-base): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-01-20T23:00:00.000+00:00",
"generator": {
"date": "2025-01-21T09:16:05.644+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2022-1858",
"initial_release_date": "2022-10-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux und CentOS aufgenommen"
},
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-29T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-06T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-13T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-26T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-20T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T014111",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2850",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat Enterprise Linux in der Komponente \"389-ds-base\", wenn das Plugin \"Content Synchronization\" aktiviert ist. Ein authentifizierter Angreifer kann mit einer speziell gestalteten Abfrage eine NULL-Zeiger-Dereferenz ausl\u00f6sen, um einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"1727",
"T004914",
"T014111"
]
},
"release_date": "2022-10-25T22:00:00.000+00:00",
"title": "CVE-2022-2850"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…