CVE ID | Published | Description | Score | Severity |
---|---|---|---|---|
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service. | 6.5 |
Medium |
||
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. | 5.5 |
Medium |
||
When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. | 6.5 |
Medium |
||
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. | 5.3 |
Medium |
||
The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query. | 7.5 |
High |