CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-5953 – 389-ds-base: malformed userpassword hash may cause denial of service
https://notcve.org/view.php?id=CVE-2024-5953
18 Jun 2024 — A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Se encontró una vulnerabilidad de denegación de servicio en el servidor LDAP 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una denegación de servicio del servidor al intentar iniciar sesión con un usuario con un hash mal formado en su contraseña... • https://access.redhat.com/errata/RHSA-2024:4633 • CWE-1288: Improper Validation of Consistency within Input •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-3657 – 389-ds-base: potential denial of service via specially crafted kerberos as-req request
https://notcve.org/view.php?id=CVE-2024-3657
28 May 2024 — A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Se encontró una falla en 389-ds-base. Una consulta LDAP especialmente manipulada puede causar potencialmente una falla en el servidor de directorio, lo que lleva a una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:3591 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-2199 – 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
https://notcve.org/view.php?id=CVE-2024-2199
28 May 2024 — A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. Se encontró una vulnerabilidad de denegación de servicio en el servidor ldap 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una falla del servidor al modificar "userPassword" utilizando una entrada con formato incorrecto. • https://access.redhat.com/errata/RHSA-2024:3591 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2024-1062 – 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)
https://notcve.org/view.php?id=CVE-2024-1062
12 Feb 2024 — A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. Se encontró una falla de desbordamiento de búfer de almacenamiento dinámico en 389-ds-base. Este problema provoca una denegación de servicio al escribir un valor superior a 256 caracteres en log_entry_attr. • https://access.redhat.com/errata/RHSA-2024:1074 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10171 – 389-ds-base: Insufficient fix for CVE-2018-14648 denial of service in RHEL-7.5
https://notcve.org/view.php?id=CVE-2019-10171
16 Jul 2019 — It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service. Se detectó que la corrección para el CVE-2018-14648 en 389-ds-base, versiones 1.4.0.x anteriores a 1.4.0.17, se aplicó incorrectamente en RHEL versión 7.5. Un atacante podría aún ser capaz de provocar un consumo excesivo de CPU conllevando a una denegación de servicio. It was fo... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10171 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-14638 – 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly
https://notcve.org/view.php?id=CVE-2018-14638
14 Sep 2018 — A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. Se ha descubierto un problema en versiones anteriores a la 1.3.8.4-13 de 389-ds-base. El proceso ns-slapd se cierra inesperadamente en la función delete_passwdPolicy cuando las conexiones de búsqueda persistente se terminan inesperadamente, lo que conduce a una denegación de servicio (DoS) r... • https://access.redhat.com/errata/RHSA-2018:2757 • CWE-400: Uncontrolled Resource Consumption CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 2CVE-2018-14624 – 389-ds-base: Server crash through modify command with large DN
https://notcve.org/view.php?id=CVE-2018-14624
06 Sep 2018 — A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. Se ha descubierto una vulnerabilidad en 389-ds-base hasta las versiones 1.3.7.10, 1.3.8.8 y 1.4.0.16. El bloqueo que controla el registro de errores no se empleaba correctamente al reabrir el archivo d... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 1%CPEs: 10EXPL: 0CVE-2018-10850 – 389-ds-base: race condition on reference counter leads to DoS using persistent search
https://notcve.org/view.php?id=CVE-2018-10850
13 Jun 2018 — 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. 389-ds-base en versiones anteriores a la 1.4.0.10 y 1.3.8.3 es vulnerable a una condición de carrera por la forma en la que 389-ds-base gestiona las búsquedas persistentes. Esto resulta en un cierre inesperado si el servidor está bajo carga. Un atacante anón... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •