CVE-2024-6237

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-6237	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2293579	Issue Tracking
https://github.com/389ds/389-ds-base/issues/5989	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:directory_server:12.0:::::::*
	cpe:2.3:o:redhat:389_directory_server:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

No history.

Information

Published : 2024-07-09 17:15

Updated : 2024-07-12 17:14

NVD link : CVE-2024-6237

Mitre link : CVE-2024-6237

CVE.ORG link : CVE-2024-6237

JSON object : View

Products Affected

redhat

389_directory_server
enterprise_linux
directory_server

CWE

NVD-CWE-noinfo CWE-230

Improper Handling of Missing Values

{"id": "CVE-2024-6237", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-07-09T17:15:48.960", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-6237", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://github.com/389ds/389-ds-base/issues/5989", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-230"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en 389 Directory Server. Este fallo permite que un usuario no autenticado provoque un fallo sistem\u00e1tico del servidor mientras env\u00eda una solicitud de b\u00fasqueda extendida espec\u00edfica, lo que lleva a una denegaci\u00f3n de servicio."}], "lastModified": "2024-07-12T17:14:19.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3DAF61A-58A9-41A6-A4DC-64148055B0C1"}, {"criteria": "cpe:2.3:o:redhat:389_directory_server:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A861110D-0BBC-4052-BBFD-F718F6CD72C5"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}