CVE-2024-1062 - Vulnerability Details

CVE-2024-1062 - 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fedoraproject	Fedora
Redhat	389 Directory Server Directory Server Directory Server E4s Directory Server Eus Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Aus Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux Server Tus Enterprise Linux Update Services For Sap Solutions Rhel Eus

Configuration 1 [-]

cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:directory_server:-:::::::*
	cpe:2.3:a:redhat:directory_server:11.7:::::::*
	cpe:2.3:a:redhat:directory_server:11.8:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*
	cpe:2.3:o:fedoraproject:fedora:41:::::::*

Configuration 4 [-]

AND

cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*

Package	CPE	Advisory	Released Date
Red Hat Directory Server 11.5 E4S for RHEL 8
redhat-ds:11-8060020250210084424.0ca98e7e	cpe:/a:redhat:directory_server_e4s:11.5::el8	RHSA-2025:1632	2025-02-18T00:00:00Z
Red Hat Directory Server 11.7 for RHEL 8
redhat-ds:11-8080020240306153507.f969626e	cpe:/a:redhat:directory_server:11.7::el8	RHSA-2024:1372	2024-03-19T00:00:00Z
Red Hat Directory Server 11.8 for RHEL 8
redhat-ds:11-8090020240606122459.91529cd0	cpe:/a:redhat:directory_server:11.8::el8	RHSA-2024:4209	2024-07-02T00:00:00Z
Red Hat Directory Server 12.2 EUS for RHEL 9
redhat-ds:12-9020020240916150035.1674d574	cpe:/a:redhat:directory_server_eus:12.2::el9	RHSA-2024:7458	2024-10-01T00:00:00Z
Red Hat Enterprise Linux 8
389-ds:1.4-8100020240315011748.945b6f6d	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:3047	2024-05-22T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
389-ds:1.4-8060020240213164457.824efc52	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:1074	2024-03-05T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
389-ds:1.4-8080020240807050952.6dbb3803	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:5690	2024-08-21T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
389-ds-base-0:2.2.4-9.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4633	2024-07-18T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:1074
https://access.redhat.com/errata/RHSA-2024:1372
https://access.redhat.com/errata/RHSA-2024:3047
https://access.redhat.com/errata/RHSA-2024:4209
https://access.redhat.com/errata/RHSA-2024:4633
https://access.redhat.com/errata/RHSA-2024:5690
https://access.redhat.com/errata/RHSA-2024:7458
https://access.redhat.com/errata/RHSA-2025:1632
https://access.redhat.com/security/cve/CVE-2024-1062
https://bugzilla.redhat.com/show_bug.cgi?id=2256711
https://bugzilla.redhat.com/show_bug.cgi?id=2261879
https://nvd.nist.gov/vuln/detail/CVE-2024-1062
https://www.cve.org/CVERecord?id=CVE-2024-1062

History

Tue, 18 Feb 2025 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat directory Server E4s
CPEs		cpe:/a:redhat:directory_server_e4s:11.5::el8
Vendors & Products		Redhat directory Server E4s
References		https://access.redhat.com/errata/RHSA-2025:1632

Thu, 10 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fedoraproject Fedoraproject fedora Redhat 389 Directory Server Redhat enterprise Linux Eus Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server Aus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat enterprise Linux Server Tus Redhat enterprise Linux Update Services For Sap Solutions
CPEs		cpe:2.3:a:redhat:directory_server:-:::::::* cpe:2.3:a:redhat:directory_server:11.7:::::::* cpe:2.3:a:redhat:directory_server:11.8:::::::* cpe:2.3:a:redhat:directory_server:12.0:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:40:::::::* cpe:2.3:o:fedoraproject:fedora:41:::::::* cpe:2.3:o:redhat:389_directory_server:::::::: cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*
Vendors & Products		Fedoraproject Fedoraproject fedora Redhat 389 Directory Server Redhat enterprise Linux Eus Redhat enterprise Linux For Arm 64 Eus Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server Aus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat enterprise Linux Server Tus Redhat enterprise Linux Update Services For Sap Solutions

Tue, 01 Oct 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 01 Oct 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat directory Server Eus
CPEs		cpe:/a:redhat:directory_server_eus:12.2::el9
Vendors & Products		Redhat directory Server Eus
References		https://access.redhat.com/errata/RHSA-2024:7458

Wed, 21 Aug 2024 19:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8

Wed, 21 Aug 2024 12:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8::appstream
References		https://access.redhat.com/errata/RHSA-2024:5690

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-02-12T13:04:39.944Z

Updated: 2025-02-18T10:16:21.188Z

Reserved: 2024-01-30T08:40:08.731Z

Link: CVE-2024-1062

Vulnrichment

Updated: 2024-08-01T18:26:30.502Z

NVD

Status : Modified

Published: 2024-02-12T13:15:09.210

Modified: 2025-02-18T11:15:11.903

Link: CVE-2024-1062

Redhat

Severity : Moderate

Publid Date: 2024-01-30T00:00:00Z

Links: CVE-2024-1062 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object