CVE-2022-0918
389-ds-base: sending crafted message could result in DoS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
Se ha detectado una vulnerabilidad en 389 Directory Server que permite a un atacante no autenticado con acceso a la red al puerto LDAP causar una denegación de servicio. La denegación de servicio es desencadenada por un único mensaje enviado a través de una conexión TCP, no es requerido bind u otra autenticación. El mensaje desencadena un fallo de segmentación que resulta en el bloqueo de slapd
A vulnerability was found in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection. No bind or other authentication is required. This message triggers a segmentation fault that results in slapd crashing.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-10 CVE Reserved
- 2022-03-16 CVE Published
- 2022-05-12 First Exploit
- 2024-08-02 CVE Updated
- 2024-10-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (5)
URL | Date | SRC |
---|---|---|
https://github.com/NathanMulbrook/CVE-2022-0918 | 2022-05-12 |
URL | Date | SRC |
---|---|---|
https://github.com/389ds/389-ds-base/issues/5242 | 2023-04-24 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-0918 | 2022-12-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2055815 | 2022-12-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Port389 Search vendor "Port389" | 389-ds-base Search vendor "Port389" for product "389-ds-base" | 1.4.0 Search vendor "Port389" for product "389-ds-base" and version "1.4.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
|