CVE-2024-8445

EUVD-2024-49545
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.7 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Debian logo
Debian Releases
Debian Product
Codename
389-ds-base
bookworm
2.3.1+dfsg1-1+deb12u1
fixed
bullseye
vulnerable
bullseye (security)
1.4.4.11-2+deb11u1
fixed
sid
3.1.2+dfsg1-1
fixed
trixie
3.1.2+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
389-ds-base
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
389-ds-base
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.2
fixed
389-ds-base-debuginfo
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.2
fixed
389-ds-base-devel
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.2
fixed
389-ds-base-libs
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.2
fixed
389-ds-base-snmp
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.2
fixed