Lucene search
RedhatCVE-2022-2850HistoryOct 14, 2022 - 6:15 p.m.
CVE-2022-2850
2022-10-1418:15:14
CWE-476
redhat
web.nvd.nist.gov
156
5
389-ds-base
content synchronization plugin
authenticated user
null pointer dereference
denial of service
cve-2022-2850
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
42.5%
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
Affected configurations
Node
redhatdirectory_serverMatch11.0
ORredhatdirectory_serverMatch12.0
ORredhatenterprise_linuxMatch6.0
ORredhatenterprise_linuxMatch7.0
ORredhatenterprise_linuxMatch8.0
ORredhatenterprise_linuxMatch9.0
Node
fedoraprojectfedoraMatch35
ORfedoraprojectfedoraMatch36
Node
port389389-ds-baseRange2.0.0–2.4.1
Node
debiandebian_linuxMatch10.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | directory_server | 11.0 | cpe:2.3:a:redhat:directory_server:11.0:*:*:*:*:*:*:* |
| redhat | directory_server | 12.0 | cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 6.0 | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| fedoraproject | fedora | 35 | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
| fedoraproject | fedora | 36 | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
| port389 | 389-ds-base | * | cpe:2.3:a:port389:389-ds-base:*:*:*:*:*:*:*:* |
| debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "389-ds-base",
"versions": [
{
"version": "389-ds-base-2.0.x+",
"status": "affected"
}
]
}
]References
Social References
More
Related
osv
osv
CVE-2022-2850
2022-10-14 18:15:14
Moderate: 389-ds:1.4 security update
2022-10-25 07:33:40
Moderate: 389-ds:1.4 security update
2022-10-25 00:00:00
redhatcve
redhatcve
CVE-2022-2850
2022-08-16 17:25:03
CVE-2021-3514
2021-04-27 08:17:20
nvd
nvd
CVE-2022-2850
2022-10-14 18:15:14
CVE-2021-3514
2021-05-28 15:15:09
ubuntucve
ubuntucve
CVE-2022-2850
2022-10-14 00:00:00
CVE-2021-3514
2021-05-28 00:00:00
mageia
mageia
Updated 389-ds-base packages fix security vulnerability
2022-11-08 22:44:28
nessus
nessus
Rocky Linux 8 : 389-ds:1.4 (RLSA-2022:7133)
2022-11-17 00:00:00
Amazon Linux 2 : 389-ds-base (ALAS-2022-1879)
2022-12-07 00:00:00
Oracle Linux 7 : 389-ds-base (ELSA-2022-7087)
2022-10-25 00:00:00
debiancve
debiancve
CVE-2022-2850
2022-10-14 18:15:14
CVE-2021-3514
2021-05-28 15:15:09
cvelist
cvelist
CVE-2022-2850
2022-10-14 00:00:00
CVE-2021-3514
2021-05-28 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0413)
2022-11-09 00:00:00
openSUSE: Security Advisory for 389-ds (SUSE-SU-2022:3029-1)
2022-09-06 00:00:00
CentOS: Security Advisory for 389-ds-base (CESA-2022:7087)
2022-10-27 00:00:00
prion
prion
Null pointer dereference
2022-10-14 18:15:00
Null pointer dereference
2021-05-28 15:15:00
redhat
redhat
(RHSA-2022:8886) Moderate: redhat-ds:11 security, bug fix, and enhancement update
2022-12-07 11:50:35
(RHSA-2023:0479) Moderate: redhat-ds:12 security update
2023-01-26 17:09:48
(RHSA-2022:8680) Moderate: 389-ds:1.4 security update
2022-11-29 13:29:29
oraclelinux
oraclelinux
389-ds-base security and bug fix update
2022-10-25 00:00:00
389-ds:1.4 security update
2022-10-27 00:00:00
389-ds-base security, bug fix, and enhancement update
2022-11-22 00:00:00
suse
suse
Security update for 389-ds (moderate)
2022-09-16 00:00:00
Security update for 389-ds (moderate)
2022-09-05 00:00:00
Security update for 389-ds (moderate)
2021-06-14 00:00:00
centos
centos
389 security update
2022-10-26 14:16:15
rocky
rocky
389-ds:1.4 security update
2022-10-25 07:33:40
389-ds-base security, bug fix, and enhancement update
2022-11-15 06:17:19
389-ds:1.4 security and bug fix update
2021-06-29 14:00:08
veracode
veracode
Denial Of Service (DoS)
2022-11-10 00:44:40
Denial Of Service (DoS)
2021-05-20 23:18:19
almalinux
almalinux
Moderate: 389-ds:1.4 security update
2022-10-25 00:00:00
Moderate: 389-ds-base security, bug fix, and enhancement update
2022-11-15 00:00:00
Moderate: 389-ds:1.4 security and bug fix update
2021-06-29 14:00:08
amazon
amazon
Medium: 389-ds-base
2022-12-01 20:31:00
cve
cve
CVE-2021-3514
2021-05-28 15:15:09
debian
debian
[SECURITY] [DLA 3399-1] 389-ds-base security update
2023-04-24 05:25:20
ubuntu
ubuntu
389 Directory Server vulnerabilities
2022-07-18 00:00:00
archlinux
archlinux
[ASA-202107-72] 389-ds-base: multiple issues
2021-07-27 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
42.5%
Related for CVE-2022-2850