CVE-2024-5953 - Improper Validation of Consistency within Input in 389-ds-base

Severity: 5.7 MEDIUM (NVD)
EPSS: 0.1% (top 78.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 18

Description

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.1 | Impact: 3.6

Affected Packages (1 package)

Debian: port389/389-ds-base < 1.4.4.11-2+deb11u1+2

Vulnerability Details (3)

OSV (2024-06-18): CVE-2024-5953: A denial of service vulnerability was found in the 389-ds-base LDAP server
CVEList (2024-06-18): 389-ds-base: malformed userpassword hash may cause denial of service
GHSA (2024-06-18): GHSA-9h7v-6cr6-hcpx: A denial of service vulnerability was found in the 389-ds-base LDAP server

Vendor Advisories (2)

Red Hat (2024-06-13): 389-ds-base: Malformed userPassword hash may cause Denial of Service
Debian (2024): CVE-2024-5953: 389-ds-base - A denial of service vulnerability was found in the 389-ds-base LDAP server. This...
CVE-2024-5953 - Port389 389-ds-base vulnerability | cvebase