CVE-2013-0336

CWE-20 — Improper Input Validation9 documents7 sources

Severity

5.0MEDIUM

EPSS

1.1%

top 21.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Freeipa

Timeline

PublishedNov 3

Latest updateMay 5

Description

The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/freeipa3.1.5+7

▶Debian389-ds-base< 1.3.2.9-1+2

Patches

Patch: fedorahosted.org ↗Patch: git.fedorahosted.org ↗Patch: fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-q3fv-3w7q-43gw: The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop↗2022-05-05

▶

OSV

CVE-2013-0336: The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop↗2014-11-03

▶

CVEList

CVE-2013-0336: The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop↗2014-11-03

▶

📋Vendor Advisories

Red Hat

389-ds-base: DoS when connecting with a missing username/dn↗2013-03-27

▶

Debian

CVE-2013-0336: 389-ds-base - The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_ex...↗2013

▶

💬Community

Bugzilla

CVE-2013-0336 freeipa: DoS when connecting with a missing username/dn [fedora-18]↗2013-03-27

▶

Bugzilla

CVE-2013-0336 389-ds-base: DoS when connecting with a missing username/dn [fedora-18]↗2013-03-27

▶

Bugzilla

CVE-2013-0336 389-ds-base: DoS when connecting with a missing username/dn↗2013-02-21

▶