CVE-2024-1062: 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)
First published: Tue Jan 30 2024(Updated: )
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/389-ds-base | <2.2.0 | 2.2.0 |
| Redhat 389 Directory Server | <2.2.0 | |
| Redhat Directory Server | ||
| Redhat Directory Server | =11.7 | |
| Redhat Directory Server | =11.8 | |
| Fedoraproject Fedora | =39 | |
| Fedoraproject Fedora | =40 | |
| Fedoraproject Fedora | =41 | |
| All of | ||
| Redhat Directory Server | =12.0 | |
| Redhat Enterprise Linux Eus | =9.2 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux Eus | =8.6 | |
| Redhat Enterprise Linux Eus | =8.8 | |
| Redhat Enterprise Linux Eus | =9.2 | |
| Redhat Enterprise Linux For Arm 64 Eus | =8.6 | |
| Redhat Enterprise Linux For Arm 64 Eus | =8.8 | |
| Redhat Enterprise Linux For Arm 64 Eus | =9.2 | |
| Redhat Enterprise Linux For Ibm Z Systems | =9.2 | |
| Redhat Enterprise Linux For Ibm Z Systems Eus | =8.8 | |
| Redhat Enterprise Linux For Power Little Endian Eus | =8.8 | |
| Redhat Enterprise Linux For Power Little Endian Eus | =9.2 | |
| Redhat Enterprise Linux Server Aus | =8.6 | |
| Redhat Enterprise Linux Server Aus | =9.2 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.6 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.8 | |
| Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =9.2 | |
| Redhat Enterprise Linux Server Tus | =8.6 | |
| Redhat Enterprise Linux Server Tus | =8.8 | |
| Redhat Enterprise Linux Update Services For Sap Solutions | =8.6 | |
| Redhat Enterprise Linux Update Services For Sap Solutions | =8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:1074
- https://access.redhat.com/errata/RHSA-2024:1372
- https://access.redhat.com/errata/RHSA-2024:3047
- https://access.redhat.com/errata/RHSA-2024:4209
- https://access.redhat.com/errata/RHSA-2024:4633
- https://access.redhat.com/errata/RHSA-2024:5690
- https://access.redhat.com/security/cve/CVE-2024-1062
- https://bugzilla.redhat.com/show_bug.cgi?id=2256711
- https://bugzilla.redhat.com/show_bug.cgi?id=2261879
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2256711
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2261884
- https://access.redhat.com/errata/RHSA-2024:7458
- agent/weakness
- agent/title
- agent/severity
- agent/author
- agent/softwarecombine
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/tags
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-1062
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- package-manager/redhat
- vendor/redhat
- canonical/redhat 389 directory server
- canonical/redhat directory server
- version/redhat directory server/11.7
- version/redhat directory server/11.8
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/39
- version/fedoraproject fedora/40
- version/fedoraproject fedora/41
- version/redhat directory server/12.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/9.2
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux eus/8.6
- version/redhat enterprise linux eus/8.8
- canonical/redhat enterprise linux for arm 64 eus
- version/redhat enterprise linux for arm 64 eus/8.6
- version/redhat enterprise linux for arm 64 eus/8.8
- version/redhat enterprise linux for arm 64 eus/9.2
- canonical/redhat enterprise linux for ibm z systems
- version/redhat enterprise linux for ibm z systems/9.2
- canonical/redhat enterprise linux for ibm z systems eus
- version/redhat enterprise linux for ibm z systems eus/8.8
- canonical/redhat enterprise linux for power little endian eus
- version/redhat enterprise linux for power little endian eus/8.8
- version/redhat enterprise linux for power little endian eus/9.2
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/8.6
- version/redhat enterprise linux server aus/9.2
- canonical/redhat enterprise linux server for power little endian update services for sap solutions
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.6
- version/redhat enterprise linux server for power little endian update services for sap solutions/8.8
- version/redhat enterprise linux server for power little endian update services for sap solutions/9.2
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/8.6
- version/redhat enterprise linux server tus/8.8
- canonical/redhat enterprise linux update services for sap solutions
- version/redhat enterprise linux update services for sap solutions/8.6
- version/redhat enterprise linux update services for sap solutions/8.8