First published: Wed Dec 08 2021
A double-free was found in the way 389-ds-base handles the virtual attributes context in persistent searches. An attacker could send a series of search requests that force the server to behave unexpectedly and crash.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Port389 389-ds-base | <1.3.10.2 | |
Redhat Enterprise Linux Desktop | =7 | |
Redhat Enterprise Linux For Ibm Z Systems | =7.0 | |
Redhat Enterprise Linux For Power Big Endian | =7.0 | |
Redhat Enterprise Linux For Power Little Endian | =7.0 | |
Redhat Enterprise Linux For Scientific Computing | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
redhat/389-ds-base | <2.2.0 | 2.2.0 |
The severity of CVE-2021-4091 is high with a severity value of 7.5.
The affected software for CVE-2021-4091 includes Port389 389-ds-base versions before 1.3.10.2, Redhat Enterprise Linux Desktop 7, Redhat Enterprise Linux For Ibm Z Systems 7.0, Redhat Enterprise Linux For Power Big Endian 7.0, Redhat Enterprise Linux For Power Little Endian 7.0, Redhat Enterprise Linux For Scientific Computing 7.0, Redhat Enterprise Linux Server 7.0, and Redhat Enterprise Linux Workstation 7.0.
An attacker can exploit CVE-2021-4091 by sending a series of search requests to the server, forcing it to behave unexpectedly and crash.
The Common Weakness Enumeration (CWE) ID for CVE-2021-4091 is CWE-415.
You can find more information about CVE-2021-4091 at the following references: [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2030307) and [Debian LTS Announce](https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html).