2 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability. Se encontró un fallo en slapi-nis en versiones anteriores a 0.56.7. Una desreferencia de puntero NULL durante el análisis del Binding DN, podría permitir a un atacante no autenticado bloquear el servidor de directorio 389-ds-base. • https://bugzilla.redhat.com/show_bug.cgi?id=1944640 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVQCDRQRFHXVR3Z3FQYM3UMC7QZUDDRJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MXMOMPTZTGOVFOZUUNXHOVCAYIPST74W https://access.redhat.com/security/cve/CVE-2021-3480 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0

The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups. El plugin slapi-nis anterior a 0.54.2 no reasigna correctamente la memoria cuando procesa las cuentas de usuarios, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de una solicitud para (1) un grupo con un número grande de miembros o (2) un usuario que pertenece a un número grande de grupos. It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154314.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154103.html http://rhn.redhat.com/errata/RHSA-2015-0728.html http://www.securityfocus.com/bid/73377 https://bugzilla.redhat.com/show_bug.cgi?id=1195729 https://git.fedorahosted.org/cgit/slapi-nis.git/commit/?id=6573f91c95f7a353ad3bdf2fe95b0c15932aa097 https://access.redhat.com/security/cve/CVE-2015-0283 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •