VYPR

389-ds-base

by 389 Directory Server

CVEs (23)

  • CVE-2017-7551  Critical  Aug 16, 2017
    risk 0.64  cvss 9.8  epss 0.01

    389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout: while an account is locked, the server returns different result codes for correct and incorrect passwords, so an attacker can keep guessing and tell which guess was right despite the lockout.

  • CVE-2026-9064  High  May 20, 2026
    risk 0.49  cvss 7.5  epss 0.01

    A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of…

  • CVE-2024-3657  High  May 28, 2024
    risk 0.49  cvss 7.5  epss 0.01

    A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service.

  • CVE-2018-14638  High  Sep 14, 2018
    risk 0.49  cvss 7.5  epss 0.03

    A flaw was found in 389-ds-base before version 1.3.8.4-13. The ns-slapd process crashes in the delete_passwdPolicy function when persistent search connections are terminated unexpectedly, leading to a remote denial of service.

  • CVE-2018-14624  High  Sep 6, 2018
    risk 0.49  cvss 7.5  epss 0.02

    A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN,…

  • CVE-2025-14905  High  Feb 23, 2026
    risk 0.47  cvss 7.2  epss 0.01

    A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting…

  • CVE-2017-2668  Medium  Jun 22, 2018
    risk 0.42  cvss 6.5  epss 0.03

    389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in…

  • CVE-2018-10850  Medium  Jun 13, 2018
    risk 0.38  cvss 5.9  epss 0.02

    389-ds-base before versions 1.4.0.10 and 1.3.8.3 is vulnerable to a race condition in the way it handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

  • CVE-2024-5953  Medium  Jun 18, 2024
    risk 0.37  cvss 5.7  epss 0.01

    A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service by attempting to log in as a user whose stored password hash is malformed.

  • CVE-2024-2199  Medium  May 28, 2024
    risk 0.37  cvss 5.7  epss 0.01

    A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

  • CVE-2025-2487  Medium  Mar 18, 2025
    risk 0.32  cvss 4.9  epss 0.01

    A flaw was found in the 389-ds-base LDAP server. This issue occurs when a Modify DN operation is issued over LDAP: a function return value is not checked and a NULL pointer is dereferenced. If a privileged user performs an LDAP MODDN operation after a…

  • CVE-2018-10871  Low  Jul 18, 2018
    risk 0.25  cvss 3.8  epss 0.01

    389-ds-base before versions 1.3.8.5 and 1.4.0.12 is vulnerable to Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker…

  • CVE-2022-0918  Mar 16, 2022
    risk 0.01  cvss n/a  epss 0.06

    A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other…

  • CVE-2024-1062  Feb 12, 2024
    risk 0.00  cvss n/a  epss 0.00

    A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when a value longer than 256 characters is written in log_entry_attr.

  • CVE-2022-2850  Oct 14, 2022
    risk 0.00  cvss n/a  epss 0.01

    A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against…

  • CVE-2022-1949  Jun 1, 2022
    risk 0.00  cvss n/a  epss 0.01

    An access control bypass vulnerability was found in 389-ds-base. It was first reported as mishandling of a filter that would yield incorrect results, but further analysis determined that it is actually an access control bypass. This may allow any remote unauthenticated user to issue a…

  • CVE-2021-3652  Apr 18, 2022
    risk 0.00  cvss n/a  epss 0.01

    A flaw was found in 389-ds-base. If an asterisk is imported as a password hash, either accidentally or maliciously, then instead of the account being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user…

  • CVE-2021-3514  May 28, 2021
    risk 0.00  cvss n/a  epss 0.01

    When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.

  • CVE-2020-35518  Mar 26, 2021
    risk 0.00  cvss n/a  epss 0.02

    When binding against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

  • CVE-2019-10224  Nov 25, 2019
    risk 0.00  cvss n/a  epss 0.00

    A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard…
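
The CVE-2026-9064 entry above describes a parser, get_ldapmessage_controls_ext(), that accepted an unbounded number of controls per LDAPMessage. The following is an added example, not code from 389-ds-base or from this page, of what the missing bound looks like: a minimal BER decoder for the controls element of an LDAPMessage (RFC 4511) that checks every length against the buffer and stops as soon as a per-message cap is exceeded, so the work done per message is bounded by the cap rather than by the sender. The cap value MAX_CONTROLS, the helper names and the constructed sample messages (an UnbindRequest carrying N copies of the paged-results control) are assumptions for illustration; the project's own limit, if any, is not stated on this page.

```python
"""Bounded decoding of the controls element of an LDAPMessage (RFC 4511, BER)."""

MAX_CONTROLS = 64  # hypothetical per-message cap for this example; not a 389-ds-base constant


def ber_len(n: int) -> bytes:
    """Definite-form BER length: one byte below 128, 0x80|k followed by k bytes otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content


def build_unbind_with_controls(n_controls: int) -> bytes:
    """Constructed sample: LDAPMessage{messageID 1, UnbindRequest, controls [0]}
    carrying n_controls copies of Control{controlType = paged-results OID}."""
    control = tlv(0x30, tlv(0x04, b"1.2.840.113556.1.4.319"))
    body = tlv(0x02, b"\x01") + b"\x42\x00"          # INTEGER 1, [APPLICATION 2] NULL
    if n_controls:
        body += tlv(0xA0, control * n_controls)      # controls [0] IMPLICIT SEQUENCE OF Control
    return tlv(0x30, body)


def read_tlv(buf: bytes, off: int, end: int):
    """Decode one TLV header inside buf[off:end]; return (tag, value_start, value_end).
    Every length is checked against `end` so a crafted length cannot run off the buffer."""
    if off + 2 > end:
        raise ValueError("truncated TLV header")
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if first < 0x80:
        length = first
    else:
        k = first & 0x7F
        if k == 0 or k > 4 or pos + k > end:
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > end:
        raise ValueError("TLV length exceeds buffer")
    return tag, pos, pos + length


def count_controls(msg: bytes, max_controls: int = MAX_CONTROLS) -> int:
    """Return how many controls msg carries, raising as soon as the cap is exceeded
    so the work done per message is bounded by max_controls, not by the attacker."""
    tag, start, end = read_tlv(msg, 0, len(msg))
    if tag != 0x30 or end != len(msg):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(msg, start, end)             # messageID
    _, _, pos = read_tlv(msg, pos, end)               # protocolOp (tag not inspected here)
    if pos == end:
        return 0                                      # controls element is OPTIONAL
    tag, pos, cend = read_tlv(msg, pos, end)
    if tag != 0xA0 or cend != end:
        raise ValueError("unexpected element after protocolOp")
    count = 0
    while pos < cend:
        ctag, _, pos = read_tlv(msg, pos, cend)
        if ctag != 0x30:
            raise ValueError("control is not a SEQUENCE")
        count += 1
        if count > max_controls:
            raise ValueError(f"more than {max_controls} controls in one message")
    return count


def accepts(msg: bytes, max_controls: int = MAX_CONTROLS) -> bool:
    """True when the message decodes and stays within the control cap."""
    try:
        count_controls(msg, max_controls)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(count_controls(build_unbind_with_controls(3)))      # 3
    print(accepts(build_unbind_with_controls(500)))           # False: rejected at control 65
```

The point of checking the count inside the loop, rather than after collecting all controls, is that the cap then also bounds the allocations and decoding work a single message can force; the same check placed after a full decode would still let a client spend the server's memory first.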
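
Two entries above concern what ends up stored as a password value: CVE-2021-3652 (an asterisk imported as a password hash matched any password) and CVE-2018-10871 (cleartext passwords landing in replication and retro changelog data). The script below is an added example, not part of this page or of the 389-ds-base project, that audits LDIF text for userPassword values that are not scheme-tagged hashes. It handles base64 (`::`) values and wrapped continuation lines, which is how an exported hash usually appears, and also looks inside `changes` attributes, on the assumption (mine, not stated on this page) that a retro changelog export carries LDIF modification text there. The sample LDIF and all function names are constructed for the example.

```python
"""Audit userPassword values in LDIF text before import or after export."""
import base64
import re

_SCHEME = re.compile(r"^\{[A-Za-z0-9_.-]+\}")  # e.g. {SSHA512}, {PBKDF2-SHA512}


def unfold_ldif(text: str):
    """Yield logical LDIF lines: join continuation lines (leading space) onto the
    previous line and drop comments, so a wrapped base64 hash is decoded whole."""
    logical = None
    for raw in text.splitlines():
        if raw.startswith(" ") and logical is not None:
            logical += raw[1:]
            continue
        if logical is not None:
            yield logical
        logical = None if raw.startswith("#") else raw
    if logical is not None:
        yield logical


def split_attr(line: str):
    """Return (attribute name lowercased, decoded value), or None for non-attribute lines."""
    m = re.match(r"^([A-Za-z][\w.;-]*)(::?) ?(.*)$", line)
    if not m:
        return None
    name, sep, val = m.group(1).lower(), m.group(2), m.group(3)
    if sep == "::":                                   # base64 value
        val = base64.b64decode(val).decode("utf-8", "replace")
    return name, val


def classify_password(value: str) -> str:
    if value == "*":
        return "asterisk"    # CVE-2021-3652: matched any password on vulnerable versions
    if _SCHEME.match(value):
        return "hashed"
    return "cleartext"       # stored as given; what CVE-2018-10871 describes leaking into changelogs


def audit_ldif(text: str):
    """Return [(dn, finding)] for every userPassword that is not a scheme-tagged hash.
    Assumed retro changelog layout: LDIF modification text inside a 'changes' value."""
    findings, dn = [], None
    for line in unfold_ldif(text):
        parsed = split_attr(line)
        if parsed is None:
            continue
        name, val = parsed
        if name == "dn":
            dn = val
        elif name == "userpassword":
            kind = classify_password(val)
            if kind != "hashed":
                findings.append((dn, kind))
        elif name == "changes":
            for inner in unfold_ldif(val):
                p = split_attr(inner)
                if p and p[0] == "userpassword" and classify_password(p[1]) != "hashed":
                    findings.append((dn, classify_password(p[1])))
    return findings


_HASH = base64.b64encode(b"{PBKDF2-SHA512}10000$constructedsaltandhash").decode()
_CHANGES = base64.b64encode(b"replace: userPassword\nuserPassword: hunter2\n-\n").decode()

# Constructed LDIF: alice's hash is base64-encoded and wrapped over two lines (the
# continuation line starts with one space); the last entry mimics a retro changelog record.
SAMPLE_LDIF = f"""dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
userPassword:: {_HASH[:24]}
 {_HASH[24:]}

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
userPassword: *

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: carol
userPassword: Summer2024!

dn: changenumber=42,cn=changelog
objectClass: changeLogEntry
targetDn: uid=dave,ou=people,dc=example,dc=com
changeType: modify
changes:: {_CHANGES}
"""

if __name__ == "__main__":
    for entry_dn, finding in audit_ldif(SAMPLE_LDIF):
        print(f"{finding:10} {entry_dn}")
```

Run it over a db2ldif export, an LDIF you are about to import, or an export of the changelog suffix; on a fixed server the asterisk case no longer authenticates, but an entry carrying `*` is still a sign that someone imported shadow-style data and deserves a look.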
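
Both CVE-2017-7551 (guessing that continues through lockout because result codes differ) and CVE-2020-35518 (bind replies that differ for existing and non-existent DNs) appear in the access log as one client issuing many binds that mostly fail. The detection below is an added example, not code from this page or from the 389-ds-base project. It pairs BIND and RESULT records by conn/op, groups them by client IP, and flags enumeration (many distinct DNs) or brute force (one DN), reporting the result-code split because a usable oracle looks exactly like a client collecting several different codes. The log lines are constructed and the regular expressions assume the 389-ds access-log layout; thresholds, the specific result codes in the sample and all names are illustrative.

```python
"""Spot bind-based probing (DN enumeration, lockout brute force) in 389-ds access logs."""
import re
from collections import Counter, defaultdict

# Record types the analysis needs (assumed to match the 389-ds access-log layout).
CONN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to ")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+)")


def analyze_binds(lines, min_attempts=5, max_success_ratio=0.2):
    """Group BIND results by client IP and flag clients whose binds mostly fail.

    Returns {ip: {"kind": "enumeration" | "brute_force", "attempts": n,
                  "distinct_dns": k, "err_codes": {code: count}}}.
    err_codes is reported because an oracle (a different reply for existing vs
    missing DNs, or for right vs wrong passwords under lockout) shows up as one
    client collecting several distinct result codes."""
    conn_ip, pending = {}, {}              # conn -> client IP; (conn, op) -> bind DN
    stats = defaultdict(lambda: {"attempts": 0, "dns": set(), "errs": Counter()})
    for line in lines:
        if m := CONN_RE.search(line):
            conn_ip[m.group(1)] = m.group(2)
        elif m := BIND_RE.search(line):
            pending[(m.group(1), m.group(2))] = m.group(3)
        elif m := RESULT_RE.search(line):
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is None:
                continue                   # RESULT of a non-BIND operation
            s = stats[conn_ip.get(m.group(1), "unknown")]
            s["attempts"] += 1
            s["dns"].add(dn)
            s["errs"][int(m.group(3))] += 1
    findings = {}
    for ip, s in stats.items():
        if s["attempts"] < min_attempts:
            continue
        if s["errs"][0] / s["attempts"] > max_success_ratio:
            continue                       # mostly successful: an ordinary client
        findings[ip] = {
            "kind": "enumeration" if len(s["dns"]) > 1 else "brute_force",
            "attempts": s["attempts"],
            "distinct_dns": len(s["dns"]),
            "err_codes": dict(s["errs"]),
        }
    return findings


def bind_records(conn, op, dn, err):
    """Constructed BIND/RESULT pair in the access-log layout assumed above."""
    ts = "[22/Mar/2024:10:15:01.000 +0000]"
    return [
        f'{ts} conn={conn} op={op} BIND dn="{dn}" method=128 version=3',
        f"{ts} conn={conn} op={op} RESULT err={err} tag=97 nentries=0 etime=0.000412",
    ]


PEOPLE = "ou=people,dc=example,dc=com"
SAMPLE_LOG = [
    "[22/Mar/2024:10:15:00.000 +0000] conn=17 fd=64 slot=64 connection from 203.0.113.9 to 192.0.2.10",
    "[22/Mar/2024:10:15:00.000 +0000] conn=18 fd=65 slot=65 connection from 198.51.100.4 to 192.0.2.10",
    "[22/Mar/2024:10:15:00.000 +0000] conn=19 fd=66 slot=66 connection from 192.0.2.77 to 192.0.2.10",
]
# conn=17: one client walks candidate DNs and gets a different code per DN (an existence oracle)
for op, (uid, err) in enumerate([("alice", 49), ("zed", 32), ("bob", 49), ("qqq", 32), ("carol", 49), ("xyz", 32)]):
    SAMPLE_LOG += bind_records(17, op, f"uid={uid},{PEOPLE}", err)
# conn=18: repeated guesses against one account that keep coming after the code changes (lockout)
for op, err in enumerate([49, 49, 49, 19, 19, 19]):
    SAMPLE_LOG += bind_records(18, op, f"uid=alice,{PEOPLE}", err)
# conn=19: an ordinary client that binds once and succeeds
SAMPLE_LOG += bind_records(19, 0, f"uid=dave,{PEOPLE}", 0)

if __name__ == "__main__":
    for ip, f in analyze_binds(SAMPLE_LOG).items():
        print(ip, f)
```

Pairing on (conn, op) rather than on the connection alone matters: a client can pipeline several binds on one connection, and matching each RESULT to its own BIND is what keeps the per-DN count honest. The thresholds are deliberately loose; tune min_attempts to your bind volume before alerting on it.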

Page 1 of 2