CVE-2024-1062 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

2024-02-1213:04:39

CWE-122

redhat

github.com

cve-2024-1062

log_entry_attr

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

JSON

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

CNA Affected

[
  {
    "cpes": [
      "cpe:/a:redhat:directory_server:11.7::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 11.7 for RHEL 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "8080020240306153507.f969626e",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "redhat-ds:11",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:directory_server:11.8::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 11.8 for RHEL 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "8090020240606122459.91529cd0",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "redhat-ds:11",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "8100020240315011748.945b6f6d",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "389-ds:1.4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "versions": [
      {
        "status": "unaffected",
        "version": "8060020240213164457.824efc52",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "389-ds:1.4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:directory_server:12"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 12",
    "packageName": "redhat-ds:12/389-ds-base",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "packageName": "389-ds-base",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "packageName": "389-ds-base",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "packageName": "389-ds-base",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  }
]