CVE-2024-3657 โ€” Improper Input Validation in 389-ds-base

CWE-20 โ€” Improper Input Validation5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Port389 389-ds-base
Timeline
PublishedMay 28

Description

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

โ–ถDebianport389/389-ds-base< 1.4.4.11-2+deb11u1+2

๐Ÿ”ดVulnerability Details

2
CVEList
389-ds-base: potential denial of service via specially crafted kerberos as-req requestโ†—2024-05-28
โ–ถ
OSV
CVE-2024-3657: A flaw was found in 389-ds-baseโ†—2024-05-28
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Red Hat
389-ds-base: potential denial of service via specially crafted kerberos AS-REQ requestโ†—2024-05-28
โ–ถ
Debian
CVE-2024-3657: 389-ds-base - A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially ...โ†—2024
โ–ถ
CVE-2024-3657 โ€” Improper Input Validation | cvebase