CVE-2011-0019

CWE-20 — Improper Input Validation CWE-401 — Memory Leak9 documents5 sources

Severity

7.5HIGH

EPSS

0.7%

top 27.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server Redhat Directory Server

Timeline

PublishedFeb 23

Latest updateMay 3

Description

slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDredhat/directory_server8.2, 8.2.3+1

▶NVDfedoraproject/389_directory_server1.2.7.5

🔴Vulnerability Details

GHSA

GHSA-rxmx-rf7q-7wh5: slapd (aka ns-slapd) in 389 Directory Server 1↗2022-05-03

▶

CVEList

CVE-2011-0019: slapd (aka ns-slapd) in 389 Directory Server 1↗2011-02-23

▶

📋Vendor Advisories

Red Hat

Server: crash with multiple simple paged result searches↗2011-02-22

▶

Red Hat

Server: DoS via Simple Paged Results connections↗2011-01-10

▶

Red Hat

Server: Multiple memory leaks in the normalization functionality↗2010-12-16

▶

💬Community

Bugzilla

CVE-2011-1067 Directory Server: DoS via Simple Paged Results connections↗2011-02-24

▶

Bugzilla

CVE-2010-4746 Directory Server: Multiple memory leaks in the normalization functionality↗2011-02-24

▶

Bugzilla

CVE-2011-0019 Directory Server: crash with multiple simple paged result searches↗2011-01-19

▶