fkie_cve-2024-1062
Vulnerability from fkie_nvd
Published
2024-02-12 13:15
Modified
2025-02-18 11:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1074Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1372Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:3047Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:4209Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:4633Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:5690Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:7458Vendor Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1632
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-1062Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2256711Issue Tracking, Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2261879Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1074Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1372Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:3047Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:4209Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:4633Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2024-1062Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2256711Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2261879Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
redhat 389_directory_server *
redhat directory_server -
redhat directory_server 11.7
redhat directory_server 11.8
fedoraproject fedora 39
fedoraproject fedora 40
fedoraproject fedora 41
redhat directory_server 12.0
redhat enterprise_linux_eus 9.2
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_for_arm_64_eus 8.6
redhat enterprise_linux_for_arm_64_eus 8.8
redhat enterprise_linux_for_arm_64_eus 9.2
redhat enterprise_linux_for_ibm_z_systems 9.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.8
redhat enterprise_linux_for_power_little_endian_eus 8.8
redhat enterprise_linux_for_power_little_endian_eus 9.2
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_update_services_for_sap_solutions 8.8


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "555F8661-DCE6-441E-9251-CD8D8E8734F6",
              "versionEndExcluding": "2.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BCE19AC-8DA8-4574-B122-CF1FFB20875D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9684A709-4D17-4AEB-BB13-9DC3B75EF902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BF83982-31CF-4692-9055-BB65B59AFA08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:41:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2D4E93B-C80E-4F15-9177-8B31016381C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DAF61A-58A9-41A6-A4DC-64148055B0C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EFBEEE7-8BC5-4F4E-8EFA-42A6743152BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "83981111-E13A-4A88-80FD-F63D7CCAA47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78825319-8A45-4880-B7C4-2B223029DDD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C415CABF-E1C4-4E95-9424-AEEEAFF1CAE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "83364F5C-57F4-4D57-B54F-540CAC1D7753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A49ABD84-6755-4894-AD4E-49AAD39933C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DDE212-1018-4554-9C06-4908442DE134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A809B2-2771-4780-9E0D-6A7B4A534CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4AEBCB-B1E6-4A6A-9E8C-DDC5A003BCB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB096D5D-E8F6-4164-8B76-0217B7151D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "01ED4F33-EBE7-4C04-8312-3DA580EFFB68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en 389-ds-base. Este problema provoca una denegaci\u00f3n de servicio al escribir un valor superior a 256 caracteres en log_entry_attr."
    }
  ],
  "id": "CVE-2024-1062",
  "lastModified": "2025-02-18T11:15:11.903",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-12T13:15:09.210",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:1074"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:1372"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:3047"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:4209"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:4633"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:5690"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:7458"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1632"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-1062"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256711"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:1074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:1372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:3047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:4209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2024:4633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-1062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261879"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.