A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
2022-10-14T18:15:14.980
2025-05-15T15:15:53.740
Modified
CVSSv3.1: 6.5 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | directory_server | 11.0 | Yes |
| Application | redhat | directory_server | 12.0 | Yes |
| Operating System | redhat | enterprise_linux | 6.0 | Yes |
| Operating System | redhat | enterprise_linux | 7.0 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux | 9.0 | Yes |
| Operating System | fedoraproject | fedora | 35 | Yes |
| Operating System | fedoraproject | fedora | 36 | Yes |
| Application | port389 | 389-ds-base | ≤ 2.4.1 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |