CVE-2022-0918
Published 2022-03-16
High · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection; no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | 389-ds-base | < 389-ds-base 2.0.15-1.1 (bookworm) | 389-ds-base 2.0.15-1.1 (bookworm) |
| port389 | 389-ds-base | — | — |
| port389 | 389-ds-base | — | — |
| port389 | 389-ds-base | >= 0 < 1.4.4.11-2+deb11u1 | 1.4.4.11-2+deb11u1 |
| port389 | 389-ds-base | >= 0 < 2.0.15-1.1 | 2.0.15-1.1 |
| port389 | 389-ds-base | >= 0 < 2.0.15-1.1 | 2.0.15-1.1 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 7.5 HIGH
Red Hat
389-ds-base: sending crafted message could result in DoS
vendor_redhat·2022-03-16·CVSS 7.5
CVE-2022-0918 [HIGH] CWE-400 389-ds-base: sending crafted message could result in DoS
A vulnerability was found in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection. No bind or other authentication is required. This message triggers a segmentation fault that results in slapd crashing.
Package:
Debian
CVE-2022-0918: 389-ds-base - A vulnerability was discovered in the 389 Directory Server that allows an unauth...
vendor_debian·2022·CVSS 7.5
CVE-2022-0918 [HIGH] CVE-2022-0918: 389-ds-base - A vulnerability was discovered in the 389 Directory Server that allows an unauth...
Scope: local
bookworm: resolved (fixed in 2.0.15-1.1)
bullseye: resolved (fixed in 1.4.4.11-2+deb11u1)
sid: resolved (fixed in 2.0.15-1.1)
trixie: resolved (fixed in 2.0.15-1.1)
GHSA
GHSA-2h5q-vphx-mcwx: A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a den
ghsa_unreviewed·2022-03-17
CVE-2022-0918 [HIGH] GHSA-2h5q-vphx-mcwx: A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a den
OSV
CVE-2022-0918: A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a den
osv·2022-03-16·CVSS 7.5
CVE-2022-0918 [HIGH] CVE-2022-0918: A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a den
https://access.redhat.com/security/cve/CVE-2022-0918
https://bugzilla.redhat.com/show_bug.cgi?id=2055815
https://github.com/389ds/389-ds-base/issues/5242
https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html