CVE-2024-1062: 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)
First published: Tue Jan 30 2024(Updated: )
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/389-ds-base | <2.2.0 | 2.2.0 |
| Red Hat 389 Directory Server | <2.2.0 | |
| Red Hat Directory Server | ||
| Red Hat Directory Server | =11.7 | |
| Red Hat Directory Server | =11.8 | |
| Fedora | =39 | |
| Fedora | =40 | |
| Fedora | =41 | |
| All of | ||
| Red Hat Directory Server | =12.0 | |
| redhat enterprise Linux eus | =9.2 | |
| Red Hat Enterprise Linux | =8.0 | |
| redhat enterprise Linux eus | =8.6 | |
| redhat enterprise Linux eus | =8.8 | |
| redhat enterprise Linux eus | =9.2 | |
| Red Hat Enterprise Linux for ARM64 EUS | =8.6 | |
| Red Hat Enterprise Linux for ARM64 EUS | =8.8 | |
| Red Hat Enterprise Linux for ARM64 EUS | =9.2 | |
| redhat enterprise Linux for ibm z systems | =9.2 | |
| redhat enterprise Linux for ibm z systems eus | =8.8 | |
| redhat enterprise Linux for power little endian eus | =8.8 | |
| redhat enterprise Linux for power little endian eus | =9.2 | |
| redhat enterprise Linux server aus | =8.6 | |
| redhat enterprise Linux server aus | =9.2 | |
| redhat enterprise Linux server for power little endian update services for sap solutions | =8.6 | |
| redhat enterprise Linux server for power little endian update services for sap solutions | =8.8 | |
| redhat enterprise Linux server for power little endian update services for sap solutions | =9.2 | |
| redhat enterprise Linux server tus | =8.6 | |
| redhat enterprise Linux server tus | =8.8 | |
| Red Hat Enterprise Linux for SAP Solutions | =8.6 | |
| Red Hat Enterprise Linux for SAP Solutions | =8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2256711
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2261884
- https://access.redhat.com/errata/RHSA-2024:1074
- https://access.redhat.com/errata/RHSA-2024:1372
- https://access.redhat.com/errata/RHSA-2024:3047
- https://access.redhat.com/errata/RHSA-2024:4209
- https://access.redhat.com/errata/RHSA-2024:4633
- https://access.redhat.com/errata/RHSA-2024:5690
- https://access.redhat.com/errata/RHSA-2024:7458
- https://bugzilla.redhat.com/show_bug.cgi?id=2261879
- https://access.redhat.com/security/cve/CVE-2024-1062
- https://bugzilla.redhat.com/show_bug.cgi?id=2256711
- https://access.redhat.com/errata/RHSA-2025:1632
Frequently Asked Questions
What is the severity of CVE-2024-1062?
CVE-2024-1062 is classified as a high severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2024-1062?
To fix CVE-2024-1062, update the affected version of 389-ds-base to at least version 2.2.0 or later.
What systems are affected by CVE-2024-1062?
CVE-2024-1062 affects versions of 389-ds-base up to 2.2.0 and several versions of Red Hat Directory Server.
What type of vulnerability is CVE-2024-1062?
CVE-2024-1062 is a heap overflow vulnerability that occurs when writing values larger than 256 characters in log_entry_attr.
What are the potential impacts of CVE-2024-1062?
The potential impacts of CVE-2024-1062 include service disruption and denial of service due to the heap overflow.
- agent/weakness
- agent/title
- agent/severity
- agent/author
- agent/type
- agent/first-publish-date
- agent/description
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-1062
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/redhat
- canonical/red hat 389 directory server
- canonical/red hat directory server
- version/red hat directory server/11.7
- version/red hat directory server/11.8
- vendor/fedoraproject
- canonical/fedora
- version/fedora/39
- version/fedora/40
- version/fedora/41
- version/red hat directory server/12.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/9.2
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/redhat enterprise linux eus/8.6
- version/redhat enterprise linux eus/8.8
- canonical/red hat enterprise linux for arm64 eus
- version/red hat enterprise linux for arm64 eus/8.6
- version/red hat enterprise linux for arm64 eus/8.8
- version/red hat enterprise linux for arm64 eus/9.2
- canonical/redhat enterprise linux for ibm z systems
- version/redhat enterprise linux for ibm z systems/9.2
- canonical/redhat enterprise linux for ibm z systems eus
- version/redhat enterprise linux for ibm z systems eus/8.8
- canonical/redhat enterprise linux for power little endian eus
- version/redhat enterprise linux for power little endian eus/8.8
- version/redhat enterprise linux for power little endian eus/9.2
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/8.6
- version/redhat enterprise linux server aus/9.2
- canonical/redhat enterprise linux server for power little endian update services for sap solutions
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.6
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.8
- version/redhat enterprise linux server for power little endian update services for sap solutions/9.2
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/8.6
- version/redhat enterprise linux server tus/8.8
- canonical/red hat enterprise linux for sap solutions
- version/red hat enterprise linux for sap solutions/8.6
- version/red hat enterprise linux for sap solutions/8.8