CVE-2024-1062 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

2024-02-1213:04:39

CWE-122

redhat

www.cve.org

cve-2024-1062

389-ds-base

heap overflow

denial-of-service

log_entry_attr

larger than 256 chars

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 11.7 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "redhat-ds:11",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8080020240306153507.f969626e",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:directory_server:11.7::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 11.8 for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "redhat-ds:11",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020240606122459.91529cd0",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:directory_server:11.8::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds:1.4",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240315011748.945b6f6d",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds:1.4",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8060020240213164457.824efc52",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 12",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "redhat-ds:12/389-ds-base",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:directory_server:12"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds-base",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds-base",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds-base",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]