CVE-2024-2199 - OpenCVE

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Directory Server Enterprise Linux Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Directory Server 11.8 for RHEL 8
redhat-ds:11-8090020240606122459.91529cd0	cpe:/a:redhat:directory_server:11.8::el8	RHSA-2024:4209	2024-07-02T00:00:00Z
Red Hat Directory Server 11.9 for RHEL 8
redhat-ds:11-8100020240604161237.37ed7c03	cpe:/a:redhat:directory_server:11.9::el8	RHSA-2024:4210	2024-07-02T00:00:00Z
Red Hat Directory Server 12.4 for RHEL 9
redhat-ds:12-9040020240604143706.1674d574	cpe:/a:redhat:directory_server:12.4::el9	RHSA-2024:4092	2024-06-25T00:00:00Z
Red Hat Enterprise Linux 7
389-ds-base-0:1.3.11.1-5.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2024:3591	2024-06-04T00:00:00Z
Red Hat Enterprise Linux 8
389-ds:1.4-8100020240613122040.25e700aa	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:4235	2024-07-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
389-ds:1.4-8080020240807050952.6dbb3803	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:5690	2024-08-21T00:00:00Z
Red Hat Enterprise Linux 9
389-ds-base-0:2.4.5-8.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:3837	2024-06-11T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
389-ds-base-0:2.2.4-9.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4633	2024-07-18T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:3591
https://access.redhat.com/errata/RHSA-2024:3837
https://access.redhat.com/errata/RHSA-2024:4092
https://access.redhat.com/errata/RHSA-2024:4209
https://access.redhat.com/errata/RHSA-2024:4210
https://access.redhat.com/errata/RHSA-2024:4235
https://access.redhat.com/errata/RHSA-2024:4633
https://access.redhat.com/errata/RHSA-2024:5690
https://access.redhat.com/security/cve/CVE-2024-2199
https://bugzilla.redhat.com/show_bug.cgi?id=2267976
https://nvd.nist.gov/vuln/detail/CVE-2024-2199
https://www.cve.org/CVERecord?id=CVE-2024-2199

History

Wed, 21 Aug 2024 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8

Wed, 21 Aug 2024 12:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8::appstream
References		https://access.redhat.com/errata/RHSA-2024:5690

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-05-28T12:04:07.401Z

Updated: 2024-09-16T19:15:03.539Z

Reserved: 2024-03-05T18:54:52.210Z

Link: CVE-2024-2199

Vulnrichment

Updated: 2024-08-01T19:03:39.378Z

NVD

Status : Awaiting Analysis

Published: 2024-05-28T12:15:08.950

Modified: 2024-08-21T13:15:04.610

Link: CVE-2024-2199

Redhat

Severity : Moderate

Publid Date: 2024-05-28T00:00:00Z

Links: CVE-2024-2199 - Bugzilla

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object