VYPR

rpm package

opensuse/389-ds&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/389-ds&distro=openSUSE%20Tumbleweed

Vulnerabilities (26)

  • CVE-2025-14905 (High), Feb 23, 2026
    affected < 3.1.4+e2562f589-1.1, fixed 3.1.4+e2562f589-1.1

    A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting f

  • CVE-2025-3416 (Low), Apr 8, 2025
    affected < 3.1.2~git90.2bc7250be-1.1, fixed 3.1.2~git90.2bc7250be-1.1

    A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

  • CVE-2025-2487 (Medium), Mar 18, 2025
    affected < 3.1.2~git55.7fbd4526-1.1, fixed 3.1.2~git55.7fbd4526-1.1

    A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the LDAP protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs an LDAP MODDN operation after a fail

  • CVE-2024-43806 (Medium), Aug 26, 2024
    affected < 3.1.1~git13.a9c7ff9-1.1, fixed 3.1.1~git13.a9c7ff9-1.1

    Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this c

  • CVE-2024-6237, Jul 9, 2024
    affected < 3.1.1~git0.aef1668-1.1, fixed 3.1.1~git0.aef1668-1.1

    A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

  • CVE-2024-5953 (Medium), Jun 18, 2024
    affected < 3.1.1~git0.aef1668-1.1, fixed 3.1.1~git0.aef1668-1.1

    A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

  • CVE-2024-3657 (High), May 28, 2024
    affected < 3.1.1~git0.aef1668-1.1, fixed 3.1.1~git0.aef1668-1.1

    A flaw was found in 389-ds-base. A specially crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service.

  • CVE-2024-2199 (Medium), May 28, 2024
    affected < 3.1.1~git0.aef1668-1.1, fixed 3.1.1~git0.aef1668-1.1

    A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

  • CVE-2022-1949, Jun 1, 2022
    affected < 2.1.1~git22.faef73366-1.1, fixed 2.1.1~git22.faef73366-1.1

    An access control bypass vulnerability was found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a fi

  • CVE-2022-0996, Mar 23, 2022
    affected < 2.0.14~git25.e6431d959-1.1, fixed 2.0.14~git25.e6431d959-1.1

    A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

  • CVE-2022-0918, Mar 16, 2022
    affected < 2.1.1~git4.b7f891097-1.1, fixed 2.1.1~git4.b7f891097-1.1

    A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication

  • CVE-2019-14824, Nov 8, 2019
    affected < 2.0.10~git0.21dd2802c-1.1, fixed 2.0.10~git0.21dd2802c-1.1

    A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

  • CVE-2018-14648, Sep 28, 2018
    affected < 2.0.10~git0.21dd2802c-1.1, fixed 2.0.10~git0.21dd2802c-1.1

    A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.

  • CVE-2018-14638, Sep 14, 2018
    affected < 2.0.10~git0.21dd2802c-1.1, fixed 2.0.10~git0.21dd2802c-1.1

    A flaw was found in 389-ds-base before version 1.3.8.4-13. The ns-slapd process crashes in the delete_passwdPolicy function when persistent search connections are terminated unexpectedly, leading to remote denial of service.

  • CVE-2018-10935, Sep 11, 2018
    affected < 2.0.10~git0.21dd2802c-1.1, fixed 2.0.10~git0.21dd2802c-1.1

    A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server-side sort.

  • CVE-2018-14624, Sep 6, 2018
    affected < 2.0.10~git0.21dd2802c-1.1, fixed 2.0.10~git0.21dd2802c-1.1

    A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, whi

  • CVE-2018-10871, Jul 18, 2018
    affected < 2.0.10~git0.21dd2802c-1.1, fixed 2.0.10~git0.21dd2802c-1.1

    389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker w

  • CVE-2018-10850, Jun 13, 2018
    affected < 2.0.10~git0.21dd2802c-1.1, fixed 2.0.10~git0.21dd2802c-1.1

    389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

  • CVE-2018-1089, May 9, 2018
    affected < 2.0.10~git0.21dd2802c-1.1, fixed 2.0.10~git0.21dd2802c-1.1

    389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially craf

  • CVE-2018-1054, Mar 7, 2018
    affected < 2.0.10~git0.21dd2802c-1.1, fixed 2.0.10~git0.21dd2802c-1.1

    An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus res

Page 1 of 2
