CVE-2025-2487: NULL Pointer Dereference in 389-ds-base

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.6% (top 31.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Mar 18

Description

A flaw was found in the 389-ds-base LDAP Server. The issue occurs when a Modify DN LDAP operation is issued through the LDAP protocol: a function's return value is not tested and a NULL pointer is dereferenced. If a privileged user performs an LDAP MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 | Impact: 3.6

Affected Packages (1 package)

Debian: port389/389-ds-base < 3.1.2+dfsg1-1

Vulnerability Details (3)

GHSA: GHSA-33fh-4pvq-9x35: A flaw was found in the 389-ds-base LDAP Server (2025-03-18)
CVEList: 389-ds-base: null pointer dereference leads to denial of service (2025-03-18)
OSV: CVE-2025-2487: A flaw was found in the 389-ds-base LDAP Server (2025-03-18)

Vendor Advisories (2)

Red Hat: 389-ds-base: null pointer dereference leads to denial of service (2025-03-18)
Debian: CVE-2025-2487: 389-ds-base - A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing ... (2025)