CVE-2024-2199 (GCVE-0-2024-2199)

Vulnerability from cvelistv5 – Published: 2024-05-28 12:04 – Updated: 2026-02-25 19:31
VLAI
Title
389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
Summary
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
Severity
5.7 (Medium)
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2024:3591 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3837 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4092 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4209 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4210 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4235 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4633 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:5690 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:1632 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-2199 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2267976 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 3.1.1 (semver)
Red Hat Red Hat Directory Server 11.5 E4S for RHEL 8 Unaffected: 8060020250210084424.0ca98e7e , < * (rpm)
    cpe:/a:redhat:directory_server_e4s:11.5::el8
 Create a notification for this product.
Red Hat Red Hat Directory Server 11.8 for RHEL 8 Unaffected: 8090020240606122459.91529cd0 , < * (rpm)
    cpe:/a:redhat:directory_server:11.8::el8
 Create a notification for this product.
Red Hat Red Hat Directory Server 11.9 for RHEL 8 Unaffected: 8100020240604161237.37ed7c03 , < * (rpm)
    cpe:/a:redhat:directory_server:11.9::el8
 Create a notification for this product.
Red Hat Red Hat Directory Server 12.4 for RHEL 9 Unaffected: 9040020240604143706.1674d574 , < * (rpm)
    cpe:/a:redhat:directory_server:12.4::el9
 Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7 Unaffected: 0:1.3.11.1-5.el7_9 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:7::server
    cpe:/o:redhat:enterprise_linux:7::computenode
    cpe:/o:redhat:enterprise_linux:7::client
    cpe:/o:redhat:enterprise_linux:7::workstation
 Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020240613122040.25e700aa , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 8080020240807050952.6dbb3803 , < * (rpm)
    cpe:/a:redhat:rhel_eus:8.8::appstream
 Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.4.5-8.el9_4 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/a:redhat:enterprise_linux:9::crb
 Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:2.2.4-9.el9_2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.2::appstream
 Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
 Create a notification for this product.
Date Public
2024-05-28 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T15:52:25.507062Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:30:35.441Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:36:43.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:3591",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3591"
          },
          {
            "name": "RHSA-2024:3837",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3837"
          },
          {
            "name": "RHSA-2024:4092",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4092"
          },
          {
            "name": "RHSA-2024:4209",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4209"
          },
          {
            "name": "RHSA-2024:4210",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4210"
          },
          {
            "name": "RHSA-2024:4235",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4235"
          },
          {
            "name": "RHSA-2024:4633",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4633"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-2199"
          },
          {
            "name": "RHBZ#2267976",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267976"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/389ds/389-ds-base",
          "defaultStatus": "unaffected",
          "packageName": "389-ds-base",
          "versions": [
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server_e4s:11.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.5 E4S for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020250210084424.0ca98e7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:11.8::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.8 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8090020240606122459.91529cd0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:11.9::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:11",
          "product": "Red Hat Directory Server 11.9 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240604161237.37ed7c03",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:directory_server:12.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-ds:12",
          "product": "Red Hat Directory Server 12.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9040020240604143706.1674d574",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7::server",
            "cpe:/o:redhat:enterprise_linux:7::computenode",
            "cpe:/o:redhat:enterprise_linux:7::client",
            "cpe:/o:redhat:enterprise_linux:7::workstation"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.3.11.1-5.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020240613122040.25e700aa",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds:1.4",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020240807050952.6dbb3803",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.5-8.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.4-9.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "389-ds-base",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-05-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T19:31:16.990Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:3591",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3591"
        },
        {
          "name": "RHSA-2024:3837",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3837"
        },
        {
          "name": "RHSA-2024:4092",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4092"
        },
        {
          "name": "RHSA-2024:4209",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4209"
        },
        {
          "name": "RHSA-2024:4210",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4210"
        },
        {
          "name": "RHSA-2024:4235",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4235"
        },
        {
          "name": "RHSA-2024:4633",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4633"
        },
        {
          "name": "RHSA-2024:5690",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:5690"
        },
        {
          "name": "RHSA-2025:1632",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:1632"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-2199"
        },
        {
          "name": "RHBZ#2267976",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267976"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-05T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-05-28T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-20: Improper Input Validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-2199",
    "datePublished": "2024-05-28T12:04:07.401Z",
    "dateReserved": "2024-03-05T18:54:52.210Z",
    "dateUpdated": "2026-02-25T19:31:16.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-2199",
      "date": "2026-05-27",
      "epss": "0.0009",
      "percentile": "0.25405"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una vulnerabilidad de denegaci\\u00f3n de servicio en el servidor ldap 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una falla del servidor al modificar \\\"userPassword\\\" utilizando una entrada con formato incorrecto.\"}]",
      "id": "CVE-2024-2199",
      "lastModified": "2024-11-21T09:09:14.570",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.6}]}",
      "published": "2024-05-28T12:15:08.950",
      "references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2024:3591\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:3837\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4092\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4209\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4210\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4235\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4633\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:5690\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-2199\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2267976\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:3591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:3837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4092\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4209\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4633\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-2199\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2267976\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-2199\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-05-28T12:15:08.950\",\"lastModified\":\"2025-11-03T21:16:09.207\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en el servidor ldap 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una falla del servidor al modificar \\\"userPassword\\\" utilizando una entrada con formato incorrecto.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:3591\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:3837\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4092\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4209\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4210\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4235\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4633\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:5690\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:1632\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-2199\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2267976\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:3591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:3837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4633\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-2199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2267976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:3591\", \"name\": \"RHSA-2024:3591\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:3837\", \"name\": \"RHSA-2024:3837\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4092\", \"name\": \"RHSA-2024:4092\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4209\", \"name\": \"RHSA-2024:4209\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4210\", \"name\": \"RHSA-2024:4210\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4235\", \"name\": \"RHSA-2024:4235\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4633\", \"name\": \"RHSA-2024:4633\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-2199\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2267976\", \"name\": \"RHBZ#2267976\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:36:43.979Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2199\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-28T15:52:25.507062Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-28T15:52:42.571Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.1.1\", \"versionType\": \"semver\"}], \"packageName\": \"389-ds-base\", \"collectionURL\": \"https://github.com/389ds/389-ds-base\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server_e4s:11.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 11.5 E4S for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8060020250210084424.0ca98e7e\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"redhat-ds:11\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server:11.8::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 11.8 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8090020240606122459.91529cd0\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"redhat-ds:11\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server:11.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 11.9 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8100020240604161237.37ed7c03\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"redhat-ds:11\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server:12.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 12.4 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"9040020240604143706.1674d574\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"redhat-ds:12\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7::server\", \"cpe:/o:redhat:enterprise_linux:7::client\", \"cpe:/o:redhat:enterprise_linux:7::workstation\", \"cpe:/o:redhat:enterprise_linux:7::computenode\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.11.1-5.el7_9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"389-ds-base\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8100020240613122040.25e700aa\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"389-ds:1.4\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"8080020240807050952.6dbb3803\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"389-ds:1.4\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\", \"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.4.5-8.el9_4\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"389-ds-base\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.4-9.el9_2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"389-ds-base\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"389-ds-base\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-03-05T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-05-28T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-05-28T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:3591\", \"name\": \"RHSA-2024:3591\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:3837\", \"name\": \"RHSA-2024:3837\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4092\", \"name\": \"RHSA-2024:4092\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4209\", \"name\": \"RHSA-2024:4209\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4210\", \"name\": \"RHSA-2024:4210\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4235\", \"name\": \"RHSA-2024:4235\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:4633\", \"name\": \"RHSA-2024:4633\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:5690\", \"name\": \"RHSA-2024:5690\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:1632\", \"name\": \"RHSA-2025:1632\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-2199\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2267976\", \"name\": \"RHBZ#2267976\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-06T21:48:49.923Z\"}, \"x_redhatCweChain\": \"CWE-20: Improper Input Validation\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-2199\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-06T21:48:49.923Z\", \"dateReserved\": \"2024-03-05T18:54:52.210Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-05-28T12:04:07.401Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.