CVE-2010-4746 — Missing Release of Memory after Effective Lifetime in 389 Directory Server

CWE-399 CWE-401 — Missing Release of Memory after Effective Lifetime5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 35.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server

Timeline

PublishedFeb 23

Latest updateMay 17

Description

Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfedoraproject/389_directory_server1.2.7+6

Patches

Patch: directory.fedoraproject.org ↗Patch: bugzilla.redhat.com ↗Patch: directory.fedoraproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-23jq-44mr-vjqc: Multiple memory leaks in the normalization functionality in 389 Directory Server before 1↗2022-05-17

▶

CVEList

CVE-2010-4746: Multiple memory leaks in the normalization functionality in 389 Directory Server before 1↗2011-02-23

▶

📋Vendor Advisories

Red Hat

Server: Multiple memory leaks in the normalization functionality↗2010-12-16

▶

💬Community

Bugzilla

CVE-2010-4746 Directory Server: Multiple memory leaks in the normalization functionality↗2011-02-24

▶