CVE-2024-8445

389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)

Description

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.

Remediation

Workaround:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Tags
https://access.redhat.com/errata/RHSA-2024:7434	vendor advisory
https://access.redhat.com/security/cve/CVE-2024-8445	vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2310110	issue tracking

Frequently Asked Questions

What is the severity of CVE-2024-8445?: CVE-2024-8445 has been scored as a medium severity vulnerability.
How to fix CVE-2024-8445?: As a workaround for remediating CVE-2024-8445: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Is CVE-2024-8445 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-8445 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-8445?: CVE-2024-8445 affects Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support, Red Hat Red Hat Directory Server 11, Red Hat Red Hat Directory Server 12, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9.

Description

Remediation

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions