Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-2850 (GCVE-0-2022-2850)
Vulnerability from cvelistv5 – Published: 2022-10-14 00:00 – Updated: 2025-11-03 20:34
VLAI
EPSS
Summary
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- denial of service
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 389-ds-base |
Affected:
389-ds-base-2.0.x+
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:34:50.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2850",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T15:06:25.646319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T15:06:55.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "389-ds-base-2.0.x+"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T08:06:23.001Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118691"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2850",
"datePublished": "2022-10-14T00:00:00.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:34:50.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-2850",
"date": "2026-06-03",
"epss": "0.00355",
"percentile": "0.58062"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:directory_server:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A169F6D-88A5-4631-9D30-519350ACFE6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3DAF61A-58A9-41A6-A4DC-64148055B0C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:port389:389-ds-base:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndIncluding\": \"2.4.1\", \"matchCriteriaId\": \"054799AD-A5F0-4A96-AE9F-6C902CD5D1C7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado un fallo en 389-ds-base. Cuando el plugin de sincronizaci\\u00f3n de contenidos est\\u00e1 habilitado, un usuario autenticado puede llegar a una desreferencia de puntero NULL usando una consulta especialmente dise\\u00f1ada. Este fallo permite a un atacante autenticado causar una denegaci\\u00f3n de servicio. Esta CVE est\\u00e1 asignada a una correcci\\u00f3n incompleta de CVE-2021-3514\"}]",
"id": "CVE-2022-2850",
"lastModified": "2024-11-21T07:01:48.380",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
"published": "2022-10-14T18:15:14.980",
"references": "[{\"url\": \"https://access.redhat.com/security/cve/CVE-2022-2850\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-2850\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-2850\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-10-14T18:15:14.980\",\"lastModified\":\"2025-11-03T21:15:52.280\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en 389-ds-base. Cuando el plugin de sincronizaci\u00f3n de contenidos est\u00e1 habilitado, un usuario autenticado puede llegar a una desreferencia de puntero NULL usando una consulta especialmente dise\u00f1ada. Este fallo permite a un atacante autenticado causar una denegaci\u00f3n de servicio. Esta CVE est\u00e1 asignada a una correcci\u00f3n incompleta de CVE-2021-3514\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:directory_server:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A169F6D-88A5-4631-9D30-519350ACFE6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3DAF61A-58A9-41A6-A4DC-64148055B0C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:port389:389-ds-base:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.4.1\",\"matchCriteriaId\":\"054799AD-A5F0-4A96-AE9F-6C902CD5D1C7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-2850\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-2850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-2850\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:34:50.179Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-2850\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-15T15:06:25.646319Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-15T15:06:51.911Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"389-ds-base\", \"versions\": [{\"status\": \"affected\", \"version\": \"389-ds-base-2.0.x+\"}]}], \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2118691\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-2850\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"denial of service\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2023-04-24T08:06:23.001Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-2850\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:34:50.179Z\", \"dateReserved\": \"2022-08-16T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2022-10-14T00:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2022:3029-1
Vulnerability from csaf_suse - Published: 2022-09-05 14:41 - Updated: 2022-09-05 14:41Summary
Security update for 389-ds
Severity
Moderate
Notes
Title of the patch: Security update for 389-ds
Description of the patch: This update for 389-ds fixes the following issues:
- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).
Non-security fixes:
- Update to version 1.4.4.19~git46.c900a28c8:
* CI - makes replication/acceptance_test.py::test_modify_entry more robust
* UI - LDAP Editor is not updated when we switch instances
- Improvements to openldap import with password policy present (bsc#1199908)
- Update to version 1.4.4.19~git43.8ba2ea21f:
* fix covscan
* BUG - pid file handling
* Memory leak in slapi_ldap_get_lderrno
* Need a compatibility option about sub suffix handling
* Release tarballs don't contain cockpit webapp
* Replication broken after password change
* Harden ReplicationManager.wait_for_replication
* dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'
* CLI - dsconf backend export breaks with multiple backends
* CLI - improve task handling
Patchnames: SUSE-2022-3029,SUSE-SLE-Module-Server-Applications-15-SP3-2022-3029,openSUSE-SLE-15.3-2022-3029
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds fixes the following issues:\n\n- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).\n\nNon-security fixes:\n\n- Update to version 1.4.4.19~git46.c900a28c8:\n * CI - makes replication/acceptance_test.py::test_modify_entry more robust\n * UI - LDAP Editor is not updated when we switch instances\n- Improvements to openldap import with password policy present (bsc#1199908)\n- Update to version 1.4.4.19~git43.8ba2ea21f:\n * fix covscan\n * BUG - pid file handling\n * Memory leak in slapi_ldap_get_lderrno\n * Need a compatibility option about sub suffix handling\n * Release tarballs don\u0027t contain cockpit webapp\n * Replication broken after password change\n * Harden ReplicationManager.wait_for_replication\n * dscontainer: TypeError: unsupported operand type(s) for /: \u0027str\u0027 and \u0027int\u0027\n * CLI - dsconf backend export breaks with multiple backends\n * CLI - improve task handling\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3029,SUSE-SLE-Module-Server-Applications-15-SP3-2022-3029,openSUSE-SLE-15.3-2022-3029",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3029-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3029-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223029-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3029-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012079.html"
},
{
"category": "self",
"summary": "SUSE Bug 1199908",
"url": "https://bugzilla.suse.com/1199908"
},
{
"category": "self",
"summary": "SUSE Bug 1202470",
"url": "https://bugzilla.suse.com/1202470"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2850 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2850/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2022-09-05T14:41:44Z",
"generator": {
"date": "2022-09-05T14:41:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3029-1",
"initial_release_date": "2022-09-05T14:41:44Z",
"revision_history": [
{
"date": "2022-09-05T14:41:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"product_id": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"product_id": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"product_id": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"product_id": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
},
"product_reference": "libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2850"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2850",
"url": "https://www.suse.com/security/cve/CVE-2022-2850"
},
{
"category": "external",
"summary": "SUSE Bug 1202470 for CVE-2022-2850",
"url": "https://bugzilla.suse.com/1202470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-05T14:41:44Z",
"details": "moderate"
}
],
"title": "CVE-2022-2850"
}
]
}
SUSE-SU-2022:3286-1
Vulnerability from csaf_suse - Published: 2022-09-16 07:08 - Updated: 2022-09-16 07:08Summary
Security update for 389-ds
Severity
Moderate
Notes
Title of the patch: Security update for 389-ds
Description of the patch: This update for 389-ds fixes the following issues:
- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).
Non-security fixes:
- Update to version 2.0.16~git20.219f047ae:
* Fix missing 'not' in description
* CI - makes replication/acceptance_test.py::test_modify_entry more robust
* fix repl keep alive event interval
* Sync_repl may crash while managing invalid cookie
* Hostname when set to localhost causing failures in other tests
* lib389 - do not set backend name to lowercase
* keep alive update event starts too soon
* Fix various memory leaks
* UI - LDAP Editor is not updated when we switch instances
* Supplier should do periodic updates
- Update sudoers schema to support UTF-8 (bsc#1197998)
- Update to version 2.0.16~git9.e2a858a86:
* UI - Various fixes and RFE's for UI
* Remove problematic language from source code
* CI - disable TLS hostname checking
* Update npm and cargo packages
* Support ECDSA private keys for TLS
Patchnames: SUSE-2022-3286,SUSE-SLE-Module-Server-Applications-15-SP4-2022-3286,openSUSE-SLE-15.4-2022-3286
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds fixes the following issues:\n\n- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).\n\nNon-security fixes:\n\n- Update to version 2.0.16~git20.219f047ae:\n * Fix missing \u0027not\u0027 in description\n * CI - makes replication/acceptance_test.py::test_modify_entry more robust\n * fix repl keep alive event interval\n * Sync_repl may crash while managing invalid cookie\n * Hostname when set to localhost causing failures in other tests\n * lib389 - do not set backend name to lowercase\n * keep alive update event starts too soon\n * Fix various memory leaks\n * UI - LDAP Editor is not updated when we switch instances\n * Supplier should do periodic updates\n- Update sudoers schema to support UTF-8 (bsc#1197998)\n- Update to version 2.0.16~git9.e2a858a86:\n * UI - Various fixes and RFE\u0027s for UI\n * Remove problematic language from source code\n * CI - disable TLS hostname checking\n * Update npm and cargo packages\n * Support ECDSA private keys for TLS\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3286,SUSE-SLE-Module-Server-Applications-15-SP4-2022-3286,openSUSE-SLE-15.4-2022-3286",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3286-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3286-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223286-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3286-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012268.html"
},
{
"category": "self",
"summary": "SUSE Bug 1197998",
"url": "https://bugzilla.suse.com/1197998"
},
{
"category": "self",
"summary": "SUSE Bug 1202470",
"url": "https://bugzilla.suse.com/1202470"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2850 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2850/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2022-09-16T07:08:59Z",
"generator": {
"date": "2022-09-16T07:08:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3286-1",
"initial_release_date": "2022-09-16T07:08:59Z",
"revision_history": [
{
"date": "2022-09-16T07:08:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"product_id": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"product_id": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"product_id": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"product_id": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
},
"product_reference": "libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2850"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2850",
"url": "https://www.suse.com/security/cve/CVE-2022-2850"
},
{
"category": "external",
"summary": "SUSE Bug 1202470 for CVE-2022-2850",
"url": "https://bugzilla.suse.com/1202470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:lib389-2.0.16~git20.219f047ae-150400.3.10.1.x86_64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.aarch64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.ppc64le",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.s390x",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-16T07:08:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-2850"
}
]
}
WID-SEC-W-2022-1858
Vulnerability from csaf_certbund - Published: 2022-10-25 22:00 - Updated: 2025-01-20 23:00Summary
Red Hat Enterprise Linux (389-ds-base): Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux in der Komponente "389-ds-base" ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Es besteht eine Schwachstelle in Red Hat Enterprise Linux in der Komponente "389-ds-base", wenn das Plugin "Content Synchronization" aktiviert ist. Ein authentifizierter Angreifer kann mit einer speziell gestalteten Abfrage eine NULL-Zeiger-Dereferenz auslösen, um einen Denial of Service Zustand zu verursachen.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 |
References
14 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux in der Komponente \"389-ds-base\" ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1858 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1858.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1858 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1858"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-25",
"url": "https://access.redhat.com/errata/RHSA-2022:7087"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-10-25",
"url": "https://access.redhat.com/errata/RHSA-2022:7133"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory vom 2022-10-25",
"url": "https://linux.oracle.com/errata/ELSA-2022-7087.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7133 vom 2022-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2022-7133.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:7087 vom 2022-10-26",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-October/073639.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8162 vom 2022-11-15",
"url": "https://access.redhat.com/errata/RHSA-2022:8162"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8680 vom 2022-11-29",
"url": "https://access.redhat.com/errata/RHSA-2022:8680"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1879 vom 2022-12-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1879.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8886 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8886"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8976 vom 2022-12-13",
"url": "https://access.redhat.com/errata/RHSA-2022:8976"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0479 vom 2023-01-26",
"url": "https://access.redhat.com/errata/RHSA-2023:0479"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4021 vom 2025-01-20",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (389-ds-base): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-01-20T23:00:00.000+00:00",
"generator": {
"date": "2025-01-21T09:16:05.644+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2022-1858",
"initial_release_date": "2022-10-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux und CentOS aufgenommen"
},
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-29T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-06T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-13T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-26T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-20T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T014111",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2850",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat Enterprise Linux in der Komponente \"389-ds-base\", wenn das Plugin \"Content Synchronization\" aktiviert ist. Ein authentifizierter Angreifer kann mit einer speziell gestalteten Abfrage eine NULL-Zeiger-Dereferenz ausl\u00f6sen, um einen Denial of Service Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"1727",
"T004914",
"T014111"
]
},
"release_date": "2022-10-25T22:00:00.000+00:00",
"title": "CVE-2022-2850"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…