CVE-2013-4283 — Improper Input Validation in 389 Directory Server

CWE-20 — Improper Input Validation9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 26.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Port389 389-ds-base Fedoraproject 389 Directory Server

Timeline

PublishedSep 10

Latest updateMay 17

Description

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDfedoraproject/389_directory_server1.3.0.7+5

▶Debianport389/389-ds-base< 1.3.2.9-1+2

Patches

Patch: directory.fedoraproject.org ↗Patch: directory.fedoraproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-w5qq-w4qc-mwpx: ns-slapd in 389 Directory Server before 1↗2022-05-17

▶

OSV

CVE-2013-4283: ns-slapd in 389 Directory Server before 1↗2013-09-10

▶

CVEList

CVE-2013-4283: ns-slapd in 389 Directory Server before 1↗2013-09-10

▶

📋Vendor Advisories

Red Hat

389-ds-base: ns-slapd crash due to bogus DN↗2013-08-28

▶

Debian

CVE-2013-4283: 389-ds-base - ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause...↗2013

▶

💬Community

Bugzilla

CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN [fedora-all]↗2013-08-28

▶

Bugzilla

CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN [epel-5]↗2013-08-28

▶

Bugzilla

CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN↗2013-08-21

▶