CVE-2013-4485

CWE-20 — Improper Input Validation9 documents7 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 41.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Directory Server Fedoraproject 389 Directory Server Redhat Enterprise Linux

Timeline

PublishedNov 23

Latest updateMay 14

Description

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/directory_server8.2+3

▶NVDfedoraproject/389_directory_server1.2.11.15

▶Debian389-ds-base< 1.3.2.9-1+2

Also affects: Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-jhmx-jgjc-h9h7: 389 Directory Server 1↗2022-05-14

▶

OSV

CVE-2013-4485: 389 Directory Server 1↗2013-11-23

▶

CVEList

CVE-2013-4485: 389 Directory Server 1↗2013-11-23

▶

📋Vendor Advisories

Red Hat

389-ds-base: DoS due to improper handling of ger attr searches↗2013-11-21

▶

Debian

CVE-2013-4485: 389-ds-base - 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) a...↗2013

▶

💬Community

Bugzilla

CVE-2013-4485 389-ds-base: DoS due to improper handling of ger attr searches [fedora-all]↗2013-11-21

▶

Bugzilla

CVE-2013-4485 389-ds-base: DoS due to improper handling of ger attr searches [epel-5]↗2013-11-21

▶

Bugzilla

CVE-2013-4485 389-ds-base: DoS due to improper handling of ger attr searches↗2013-10-29

▶