CVE-2024-1062

CWE-122Heap-based Buffer Overflow6 documents6 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 94.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Redhat 389 Directory ServerFedoraproject FedoraRedhat Directory Server+10 more
Timeline
PublishedFeb 12

Description

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debian389-ds-base< 2.3.4+dfsg1-1
NVDredhat/directory_server11.7, 11.8, 12.0+2

Also affects: Fedora 39, 40, 41, Enterprise Linux 8.0, 8.6, 8.8, 9.2

🔴Vulnerability Details

3
GHSA
GHSA-6v6c-gc45-x65c: A heap overflow flaw was found in 389-ds-base2024-02-12
OSV
CVE-2024-1062: A heap overflow flaw was found in 389-ds-base2024-02-12
CVEList
389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)2024-02-12

📋Vendor Advisories

2
Red Hat
389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)2024-01-30
Debian
CVE-2024-1062: 389-ds-base - A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of s...2024