PoC LDAPNightmare: The CVE Mix-Up (as noted by @wdormann@infosec.exchange)
Created on 2025-01-02 22:00, updated on 2025-01-02 22:04, by Cédric Bonhomme
Description
SafeBreach provides a PoC for CVE-2024-49113, the vulnerability titled “Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability”.
However, there was confusion between CVE-2024-49113 (DoS) and CVE-2024-49112 (RCE - CVSS 9.8), as noted by @wdormann@infosec.exchange:
https://github.com/SafeBreach-Labs/CVE-2024-49113/commit/eb76381b2927ce78c86743267d898b4ebfcbb187
Vulnerabilities included in this bundle
Meta
[
{
"ref": [
"https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/",
"https://infosec.exchange/@wdormann/113760656970284159",
"https://infosec.exchange/@wdormann/113760610915798924",
"https://github.com/SafeBreach-Labs/CVE-2024-49113"
]
}
]
Combined detection rules
Detection rules are retrieved from Rulezet.
Combined sightings
| Author | Vulnerability | Source | Type | Date |
|---|---|---|---|---|