A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Fedoraproject
  • Fedora
Redhat
  • 389 Directory Server
  • Directory Server
  • Directory Server Eus
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux For Arm 64 Eus
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Power Little Endian Eus
  • Enterprise Linux Server Aus
  • Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
  • Enterprise Linux Server Tus
  • Enterprise Linux Update Services For Sap Solutions
  • Rhel Eus

Configuration 1 [-]

cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:directory_server:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:11.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:11.8:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:41:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Directory Server 11.7 for RHEL 8
redhat-ds:11-8080020240306153507.f969626e cpe:/a:redhat:directory_server:11.7::el8 RHSA-2024:1372 2024-03-19T00:00:00Z
Red Hat Directory Server 11.8 for RHEL 8
redhat-ds:11-8090020240606122459.91529cd0 cpe:/a:redhat:directory_server:11.8::el8 RHSA-2024:4209 2024-07-02T00:00:00Z
Red Hat Directory Server 12.2 EUS for RHEL 9
redhat-ds:12-9020020240916150035.1674d574 cpe:/a:redhat:directory_server_eus:12.2::el9 RHSA-2024:7458 2024-10-01T00:00:00Z
Red Hat Enterprise Linux 8
389-ds:1.4-8100020240315011748.945b6f6d cpe:/a:redhat:enterprise_linux:8 RHSA-2024:3047 2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
389-ds:1.4-8060020240213164457.824efc52 cpe:/a:redhat:rhel_eus:8.6 RHSA-2024:1074 2024-03-05T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
389-ds:1.4-8080020240807050952.6dbb3803 cpe:/a:redhat:rhel_eus:8.8 RHSA-2024:5690 2024-08-21T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
389-ds-base-0:2.2.4-9.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2024:4633 2024-07-18T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2024:1074 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:1372 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:3047 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4209 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:4633 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:5690 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:7458 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-1062 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2256711 cve-icon cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2261879 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-1062 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-1062 cve-icon
History

Thu, 10 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Fedoraproject
Fedoraproject fedora
Redhat 389 Directory Server
Redhat enterprise Linux Eus
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Update Services For Sap Solutions
CPEs cpe:2.3:a:redhat:directory_server:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:11.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:11.8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:41:*:*:*:*:*:*:*
cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
Vendors & Products Fedoraproject
Fedoraproject fedora
Redhat 389 Directory Server
Redhat enterprise Linux Eus
Redhat enterprise Linux For Arm 64 Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Update Services For Sap Solutions

Tue, 01 Oct 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 01 Oct 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat directory Server Eus
CPEs cpe:/a:redhat:directory_server_eus:12.2::el9
Vendors & Products Redhat directory Server Eus
References

Wed, 21 Aug 2024 19:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:8.8

Wed, 21 Aug 2024 12:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:8.8::appstream
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-02-12T13:04:39.944Z

Updated: 2024-11-06T14:47:06.444Z

Reserved: 2024-01-30T08:40:08.731Z

Link: CVE-2024-1062

cve-icon Vulnrichment

Updated: 2024-08-01T18:26:30.502Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-12T13:15:09.210

Modified: 2024-10-10T14:22:28.617

Link: CVE-2024-1062

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-01-30T00:00:00Z

Links: CVE-2024-1062 - Bugzilla