Unrated severity · NVD Advisory · Published Jul 9, 2024 · Updated Nov 20, 2025
389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request
CVE-2024-6237
Description
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash by sending a specific extended search request, leading to a denial of service.
Affected products
osv-coords (5 versions):
- pkg:rpm/almalinux/389-ds-base (no CPE), range: < 2.4.5-9.el9_4
- pkg:rpm/almalinux/389-ds-base-devel (no CPE), range: < 2.4.5-9.el9_4
- pkg:rpm/almalinux/389-ds-base-libs (no CPE), range: < 2.4.5-9.el9_4
- pkg:rpm/almalinux/python3-lib389 (no CPE), range: < 2.4.5-9.el9_4
- pkg:rpm/opensuse/389-ds&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.1.1~git0.aef1668-1.1
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2024:4997 (mitre; vendor-advisory; x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:5192 (mitre; vendor-advisory; x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2024-6237 (mitre; vdb-entry; x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre; issue-tracking; x_refsource_REDHAT)
- github.com/389ds/389-ds-base/issues/5989 (mitre)