PT-2021-7712 · Unknown+6 · 389-Ds-Base+6

Cedric Buissart

Published

2021-03-30

Updated

2021-05-28

CVE-2021-3480

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions 389-ds-base versions prior to 0.56.7

Description A flaw was found in slapi-nis that could allow an unauthenticated attacker to crash the 389-ds-base directory server due to a NULL pointer dereference during the parsing of the Binding DN. The highest threat from this issue is to system availability. This could be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 0.56.7, update to version 0.56.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the slapi-nis component to minimize the risk of exploitation.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2021:1983

ALT-PU-2021-1827

ALT-PU-2021-1842

ALT-PU-2021-1854

BDU:2023-01691

CESA-2021_1983

CVE-2021-3480

RHSA-2021:1983

RHSA-2021:2026

RHSA-2021:2027

RHSA-2021:2032

RHSA-2021_1983

RHSA-2021_2032

RLSA-2021:1983

Affected Products

389-Ds-Base

Alt Linux

Almalinux

Astra Linux

Centos

Red Hat

Rocky Linux

PT-2021-7712 · Unknown+6 · 389-Ds-Base+6

CVE-2021-3480

Weakness Enumeration

Related Identifiers

Affected Products

References · 26