PT-2022-4672 · Unknown+7 · 389-Ds-Base+7

Cedric Buissart · Published 2019-02-11 · Updated 2025-01-20 · CVE-2021-4091

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

389-ds-base (affected versions not specified)

Description

A double-free issue was found in the way 389-ds-base handles virtual attributes context in persistent searches. This could allow an attacker to send a series of search requests, forcing the server to behave unexpectedly and crash. The vulnerability is related to the use of memory after it has been freed when handling private pblock and duplicated pblock with the same pb vattr context pointer.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2022:0889
ALT-PU-2019-1207
BDU:2022-05559
CESA-2022_0628
CESA-2022_0889
CVE-2021-4091
DLA-3399-1
DLA-4021-1
MGASA-2022-0106
OPENSUSE-SU-2022_2081-1
OPENSUSE-SU-2022_2295-1
RHSA-2022:0628
RHSA-2022:0889
RHSA-2022:0952
RHSA-2022:1410
RHSA-2022_0628
RHSA-2022_0889
RLSA-2022:0889
SUSE-SU-2022:2081-1
SUSE-SU-2022:2105-1
SUSE-SU-2022:2109-1
SUSE-SU-2022:2163-1
SUSE-SU-2022:2295-1
SUSE-SU-2022_2081-1
SUSE-SU-2022_2105-1
SUSE-SU-2022_2295-1

Affected Products

389-Ds-Base
Alt Linux
Almalinux
Astra Linux
Centos
Red Hat
Rocky Linux
Suse