CVE-2024-8445
Description
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An incomplete fix for CVE-2024-2199 allows authenticated users to crash the 389 Directory Server via malformed userPassword modifications.
Vulnerability Analysis
CVE-2024-8445 reveals that the patch for CVE-2024-2199 in 389-ds-base did not comprehensively address the vulnerability. The issue stems from improper input validation when an authenticated user modifies the userPassword attribute, where malformed input can trigger a server crash [1][3].
Exploitation Scenario
An attacker with valid credentials to the directory server can exploit this flaw by sending a specially crafted request to modify the userPassword field. No additional privileges beyond standard authentication are required, as the bug resides in the handling of password modification operations [2][3].
Impact
Successful exploitation results in a denial of service (DoS) condition, causing the 389 Directory Server process to crash. This disrupts directory services for all users, potentially impacting authentication and authorization systems that rely on the server [1][2].
Mitigation
Red Hat has addressed this vulnerability via RHSA-2024:7434, which updates 389-ds-base packages on Red Hat Enterprise Linux 9. Users are strongly encouraged to apply the available update to prevent exploitation [2].
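The mitigation above is "apply the errata", so the practical follow-up is verifying that a given host actually carries the fix. The script below is an added example, not code from the advisory, Red Hat or the 389-ds project: it looks for the CVE id in the installed package's rpm changelog (Red Hat errata builds normally cite the CVEs they resolve there) and reports a verdict. The function and package names are this example's own; the two changelog excerpts are constructed samples shaped like `rpm -q --changelog` output, with made-up dates and release numbers, and are not real 389-ds-base changelog entries.

```shell
#!/bin/sh
# Added example (not from the advisory or the 389-ds project): decide whether
# an installed 389-ds-base package carries the CVE-2024-8445 fix by checking
# its rpm changelog for the CVE id. Assumes an rpm-based host (RHEL 9 and
# rebuilds) and that the errata build mentions the CVE in its changelog.

# changelog_mentions_cve CHANGELOG_TEXT CVE_ID
# Returns 0 if the CVE id appears anywhere in the changelog text, 1 otherwise.
changelog_mentions_cve() {
    printf '%s\n' "$1" | grep -qi -- "$2"
}

# check_installed_package PKG CVE_ID
# Queries rpm on the local host. Returns 0 if the changelog references the
# CVE, 1 if it does not, 2 if the check could not be performed.
check_installed_package() {
    pkg=$1
    cve=$2
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available; cannot check $pkg" >&2
        return 2
    fi
    if ! rpm -q "$pkg" >/dev/null 2>&1; then
        echo "$pkg is not installed"
        return 2
    fi
    nvr=$(rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}' "$pkg")
    changelog=$(rpm -q --changelog "$pkg")
    if changelog_mentions_cve "$changelog" "$cve"; then
        echo "$nvr: changelog references $cve (fix present)"
        return 0
    fi
    echo "$nvr: no $cve entry in changelog; update via RHSA-2024:7434"
    return 1
}

# Constructed sample changelog excerpts (not real 389-ds-base entries):
# one that names this CVE and one that names only the earlier CVE-2024-2199.
SAMPLE_PATCHED='* Tue Oct 01 2024 Example Maintainer <maint@example.com> - 2.4.5-9
- Resolves: RHEL-00001 - fix for CVE-2024-2199 was insufficient (CVE-2024-8445)'
SAMPLE_UNPATCHED='* Mon Mar 04 2024 Example Maintainer <maint@example.com> - 2.4.5-8
- Resolves: RHEL-00002 - crash on malformed userPassword (CVE-2024-2199)'

# demo_samples: runs the classifier over the constructed samples and
# returns 0 only if both are classified as expected.
demo_samples() {
    ok=0
    if changelog_mentions_cve "$SAMPLE_PATCHED" CVE-2024-8445; then
        echo "sample 1: CVE-2024-8445 referenced (patched)"
    else
        echo "sample 1: unexpectedly classified as unpatched"; ok=1
    fi
    if changelog_mentions_cve "$SAMPLE_UNPATCHED" CVE-2024-8445; then
        echo "sample 2: unexpectedly classified as patched"; ok=1
    else
        echo "sample 2: only CVE-2024-2199 referenced (not patched for CVE-2024-8445)"
    fi
    return $ok
}

# With --check, query the real host; otherwise just exercise the samples.
if [ "${1:-}" = "--check" ]; then
    check_installed_package 389-ds-base CVE-2024-8445
else
    demo_samples
fi
```

Run `sh check_389ds.sh --check` on the directory server host to inspect the installed package. The changelog match is a convenient local heuristic, not the authority: on a subscribed RHEL system, `dnf updateinfo list --cve CVE-2024-8445` against the Red Hat repositories is the definitive way to see whether an applicable advisory is still outstanding, and a package whose changelog does not mention the CVE is not necessarily vulnerable (a later rebase may have quietly absorbed the fix).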
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (4)
News mentions (0)
No linked articles in our index yet.