CVE-2024-5953

389-ds-base: malformed userpassword hash may cause denial of service

Severity Score

5.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

Se encontró una vulnerabilidad de denegación de servicio en el servidor LDAP 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una denegación de servicio del servidor al intentar iniciar sesión con un usuario con un hash mal formado en su contraseña.

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8.10. Issues addressed include a denial of service vulnerability.

*Credits: This issue was discovered by Têko Mihinto (Red Hat).

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-13 CVE Reserved
2024-06-18 CVE Published
2025-02-18 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1288: Improper Validation of Consistency within Input

CAPEC

References (12)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2024:4633	2024-07-18
https://access.redhat.com/security/cve/CVE-2024-5953	2024-07-18
https://bugzilla.redhat.com/show_bug.cgi?id=2292104	2024-07-18
https://access.redhat.com/errata/RHSA-2024:4997	2025-02-18
https://access.redhat.com/errata/RHSA-2024:5192	2025-02-18
https://access.redhat.com/errata/RHSA-2024:5690	2025-02-18
https://access.redhat.com/errata/RHSA-2024:6153	2025-02-18
https://access.redhat.com/errata/RHSA-2024:6568	2025-02-18
https://access.redhat.com/errata/RHSA-2024:6569	2025-02-18
https://access.redhat.com/errata/RHSA-2024:6576	2025-02-18
https://access.redhat.com/errata/RHSA-2024:7458	2025-02-18
https://access.redhat.com/errata/RHSA-2025:1632	2025-02-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Red Hat Search vendor "Red Hat"		Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Directory Server Search vendor "Redhat" for product "Directory Server"				*		-		Affected
Redhat Search vendor "Redhat"		Directory Server E4s Search vendor "Redhat" for product "Directory Server E4s"				*		-		Affected
Redhat Search vendor "Redhat"		Directory Server Eus Search vendor "Redhat" for product "Directory Server Eus"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Alma Search vendor "Alma"		Linux Search vendor "Alma" for product "Linux"				*		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				*		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				*		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				*		-		Affected
Oracle Search vendor "Oracle"		Linux Search vendor "Oracle" for product "Linux"				*		-		Affected
Red Hat Search vendor "Red Hat"		Directory Server Search vendor "Red Hat" for product "Directory Server"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Els Search vendor "Redhat" for product "Rhel Els"				*		-		Affected
Redhat Search vendor "Redhat"		Rhel Eus Search vendor "Redhat" for product "Rhel Eus"				*		-		Affected
Rocky Search vendor "Rocky"		Linux Search vendor "Rocky" for product "Linux"				*		-		Affected
Suse Search vendor "Suse"		Sle-module-server-applications Search vendor "Suse" for product "Sle-module-server-applications"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc-espos Search vendor "Suse" for product "Sle Hpc-espos"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc-ltss Search vendor "Suse" for product "Sle Hpc-ltss"				*		-		Affected
Suse Search vendor "Suse"		Sle Hpc Search vendor "Suse" for product "Sle Hpc"				*		-		Affected
Suse Search vendor "Suse"		Sles-ltss Search vendor "Suse" for product "Sles-ltss"				*		-		Affected
Suse Search vendor "Suse"		Sles Search vendor "Suse" for product "Sles"				*		-		Affected
Suse Search vendor "Suse"		Sles Sap Search vendor "Suse" for product "Sles Sap"				*		-		Affected
Suse Search vendor "Suse"		Suse-manager-proxy Search vendor "Suse" for product "Suse-manager-proxy"				*		-		Affected
Suse Search vendor "Suse"		Suse-manager-server Search vendor "Suse" for product "Suse-manager-server"				*		-		Affected