Unrated severityNVD Advisory· Published Oct 14, 2022· Updated Nov 3, 2025
CVE-2022-2850
CVE-2022-2850
Description
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
Affected products
11- 389-ds-base/389-ds-basedescription
- osv-coords10 versionspkg:rpm/almalinux/389-ds-basepkg:rpm/almalinux/389-ds-base-develpkg:rpm/almalinux/389-ds-base-legacy-toolspkg:rpm/almalinux/389-ds-base-libspkg:rpm/almalinux/389-ds-base-snmppkg:rpm/almalinux/python3-lib389pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4
< 1.4.3.28-8.module_el8.6.0+3338+ebccfef1+ 9 more
- (no CPE)range: < 1.4.3.28-8.module_el8.6.0+3338+ebccfef1
- (no CPE)range: < 1.4.3.28-8.module_el8.6.0+3338+ebccfef1
- (no CPE)range: < 1.4.3.28-8.module_el8.6.0+3338+ebccfef1
- (no CPE)range: < 1.4.3.28-8.module_el8.6.0+3338+ebccfef1
- (no CPE)range: < 1.4.3.28-8.module_el8.6.0+3338+ebccfef1
- (no CPE)range: < 1.4.3.28-8.module_el8.6.0+3338+ebccfef1
- (no CPE)range: < 1.4.4.19~git46.c900a28c8-150300.3.22.1
- (no CPE)range: < 2.0.16~git20.219f047ae-150400.3.10.1
- (no CPE)range: < 1.4.4.19~git46.c900a28c8-150300.3.22.1
- (no CPE)range: < 2.0.16~git20.219f047ae-150400.3.10.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.