Unrated severityNVD Advisory· Published Feb 12, 2024· Updated Feb 25, 2026

389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

CVE-2024-1062

Description

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

Affected products

osv-coords16 versions
pkg:rpm/almalinux/389-ds-base pkg:rpm/almalinux/389-ds-base-devel pkg:rpm/almalinux/389-ds-base-legacy-tools pkg:rpm/almalinux/389-ds-base-libs pkg:rpm/almalinux/389-ds-base-snmp pkg:rpm/almalinux/python3-lib389 pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5 pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/389-ds&distro=SUSE%20Manager%20Proxy%204.3 pkg:rpm/suse/389-ds&distro=SUSE%20Manager%20Server%204.3
< 1.4.3.39-3.module_el8.10.0+3829+ea459e35+ 15 more
- (no CPE)range: < 1.4.3.39-3.module_el8.10.0+3829+ea459e35
- (no CPE)range: < 1.4.3.39-3.module_el8.10.0+3829+ea459e35
- (no CPE)range: < 1.4.3.39-3.module_el8.10.0+3829+ea459e35
- (no CPE)range: < 1.4.3.39-3.module_el8.10.0+3829+ea459e35
- (no CPE)range: < 1.4.3.39-3.module_el8.10.0+3829+ea459e35
- (no CPE)range: < 1.4.3.39-3.module_el8.10.0+3829+ea459e35
- (no CPE)range: < 2.2.8~git65.347aae6-150500.3.17.1
- (no CPE)range: < 2.2.8~git65.347aae6-150600.8.3.1
- (no CPE)range: < 2.0.20~git9.5e2d637c-150400.3.42.3
- (no CPE)range: < 2.0.20~git9.5e2d637c-150400.3.42.3
- (no CPE)range: < 2.2.8~git65.347aae6-150500.3.17.1
- (no CPE)range: < 2.2.8~git65.347aae6-150600.8.3.1
- (no CPE)range: < 2.0.20~git9.5e2d637c-150400.3.42.3
- (no CPE)range: < 2.0.20~git9.5e2d637c-150400.3.42.3
- (no CPE)range: < 2.0.20~git9.5e2d637c-150400.3.42.3
- (no CPE)range: < 2.0.20~git9.5e2d637c-150400.3.42.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2024:1074mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:1372mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:3047mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:4209mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:4633mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:5690mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:7458mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2025:1632mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2024-1062mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000