// For flags

CVE-2022-0918

389-ds-base: sending crafted message could result in DoS

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.

Se ha detectado una vulnerabilidad en 389 Directory Server que permite a un atacante no autenticado con acceso a la red al puerto LDAP causar una denegación de servicio. La denegación de servicio es desencadenada por un único mensaje enviado a través de una conexión TCP, no es requerido bind u otra autenticación. El mensaje desencadena un fallo de segmentación que resulta en el bloqueo de slapd

A vulnerability was found in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection. No bind or other authentication is required. This message triggers a segmentation fault that results in slapd crashing.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-03-10 CVE Reserved
  • 2022-03-16 CVE Published
  • 2022-05-12 First Exploit
  • 2024-08-02 CVE Updated
  • 2024-10-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Port389
Search vendor "Port389"
389-ds-base
Search vendor "Port389" for product "389-ds-base"
1.4.0
Search vendor "Port389" for product "389-ds-base" and version "1.4.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Affected