INFSA-2024:4235: 389-ds security update
Information about definition
Identificator: INFSA-2024:4235
Type: security
Release date: 2024-10-10 05:36:40 UTC
Information about package
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Vulnerabilities description
- CVE-2024-2199
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
- CVE-2024-3657
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-2199
|
no information | 5.7 | no information |
|
NIST — CVE-2024-3657
|
no information | 7.5 | no information |
Updated packages