rpm package
suse/389-ds&distro=SUSE Linux Enterprise Module for Server Applications 15 SP6
pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-3416 | Low | 3.7 | < 2.2.10~git99.aa5d0ecbf-150600.8.20.1 | 2.2.10~git99.aa5d0ecbf-150600.8.20.1 | Apr 8, 2025 | A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. | |
| CVE-2024-5953 | Med | 5.7 | < 2.2.10~git2.345056d3-150600.8.7.2 | 2.2.10~git2.345056d3-150600.8.7.2 | Jun 18, 2024 | A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. | |
| CVE-2024-3657 | Hig | 7.5 | < 2.2.10~git2.345056d3-150600.8.7.2 | 2.2.10~git2.345056d3-150600.8.7.2 | May 28, 2024 | A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service | |
| CVE-2024-2199 | Med | 5.7 | < 2.2.10~git2.345056d3-150600.8.7.2 | 2.2.10~git2.345056d3-150600.8.7.2 | May 28, 2024 | A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. | |
| CVE-2024-1062 | — | < 2.2.8~git65.347aae6-150600.8.3.1 | 2.2.8~git65.347aae6-150600.8.3.1 | Feb 12, 2024 | A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. |
- affected < 2.2.10~git99.aa5d0ecbf-150600.8.20.1fixed 2.2.10~git99.aa5d0ecbf-150600.8.20.1
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
- affected < 2.2.10~git2.345056d3-150600.8.7.2fixed 2.2.10~git2.345056d3-150600.8.7.2
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
- affected < 2.2.10~git2.345056d3-150600.8.7.2fixed 2.2.10~git2.345056d3-150600.8.7.2
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
- affected < 2.2.10~git2.345056d3-150600.8.7.2fixed 2.2.10~git2.345056d3-150600.8.7.2
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
- CVE-2024-1062Feb 12, 2024affected < 2.2.8~git65.347aae6-150600.8.3.1fixed 2.2.8~git65.347aae6-150600.8.3.1
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.