CVE-2021-3514 — NULL Pointer Dereference in 389-ds-base

CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 43.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Port389 389-ds-base

Timeline

PublishedMay 28

Latest updateAug 4

Description

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianport389/389-ds-base< 1.4.4.11-2+2

▶CVEListV5port389/389-ds-base389-ds-base 1.4.3

🔴Vulnerability Details

OSV

389-ds-base vulnerabilities↗2022-07-18

▶

GHSA

GHSA-4mjm-c95j-8748: When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing↗2022-05-24

▶

CVEList

CVE-2021-3514: When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing↗2021-05-28

▶

OSV

CVE-2021-3514: When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing↗2021-05-28

▶

📋Vendor Advisories

Red Hat

389-ds-base: SIGSEGV in sync_repl↗2022-08-04

▶

Ubuntu

389 Directory Server vulnerabilities↗2022-07-18

▶

Red Hat

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()↗2021-04-01

▶

Debian

CVE-2021-3514: 389-ds-base - When using a sync_repl client in 389-ds-base, an authenticated attacker can caus...↗2021

▶