CVE-2024-1062

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| redhat | CNA | 5.5 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| CISA-ADP | ADP | --- | --- |
| CVE | ADP | --- | --- |

EPSS Score: Percentile: 4%

| Vendor | Product | Version |
|---|---|---|
| redhat | 389_directory_server | 𝑥 < 2.2.0 |
| redhat | directory_server | - |
| redhat | directory_server | 11.7 |
| redhat | directory_server | 11.8 |
| redhat | directory_server | 12.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_eus | 8.8 |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_for_arm_64_eus | 8.6 |
| redhat | enterprise_linux_for_arm_64_eus | 8.8 |
| redhat | enterprise_linux_for_arm_64_eus | 9.2 |
| redhat | enterprise_linux_for_ibm_z_systems | 9.2 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.8 |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.8 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.8 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.8 |

𝑥 = Vulnerable software versions

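Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| 389-ds-base | bullseye | | no-dsa |
| 389-ds-base | bookworm | | no-dsa |
| 389-ds-base | buster | | no-dsa |
| 389-ds-base | bullseye (security) | | vulnerable |
| 389-ds-base | sid | 3.1.2+dfsg1-1 | fixed |
| 389-ds-base | trixie | 3.1.2+dfsg1-1 | fixed |
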
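Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| 389-ds-base | plucky | needs-triage |
| 389-ds-base | oracular | needs-triage |
| 389-ds-base | noble | needs-triage |
| 389-ds-base | mantic | ignored |
| 389-ds-base | jammy | needs-triage |
| 389-ds-base | focal | needs-triage |
| 389-ds-base | bionic | needs-triage |
| 389-ds-base | xenial | needs-triage |
| 389-ds-base | trusty | ignored |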