First published: Tue Jan 30 2024
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/389-ds-base | <2.2.0 | 2.2.0 |
Red Hat 389 Directory Server | <2.2.0 | |
Red Hat Directory Server | | |
Red Hat Directory Server | =11.7 | |
Red Hat Directory Server | =11.8 | |
Red Hat Fedora | =39 | |
Red Hat Fedora | =40 | |
Red Hat Fedora | =41 | |
All of | | |
Red Hat Directory Server | =12.0 | |
Red Hat Enterprise Linux Server EUS | =9.2 | |
Red Hat Enterprise Linux | =8.0 | |
Red Hat Enterprise Linux Server EUS | =8.6 | |
Red Hat Enterprise Linux Server EUS | =8.8 | |
Red Hat Enterprise Linux for ARM64 EUS | =8.6 | |
Red Hat Enterprise Linux for ARM64 EUS | =8.8 | |
Red Hat Enterprise Linux for ARM64 EUS | =9.2 | |
Red Hat Enterprise Linux for IBM Z Systems | =9.2 | |
Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.8 | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.8 | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.2 | |
Red Hat Enterprise Linux Server | =8.6 | |
Red Hat Enterprise Linux Server | =9.2 | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.6 | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.8 | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.2 | |
Red Hat Enterprise Linux Server | =8.8 | |
Red Hat Enterprise Linux for SAP Solutions | =8.6 | |
Red Hat Enterprise Linux for SAP Solutions | =8.8 | |
CVE-2024-1062 is classified as a high severity vulnerability due to its potential to cause a denial of service.
To fix CVE-2024-1062, update 389-ds-base to version 2.2.0 or later.
CVE-2024-1062 affects versions of 389-ds-base earlier than 2.2.0 and several versions of Red Hat Directory Server.
CVE-2024-1062 is a heap overflow vulnerability that occurs when writing values larger than 256 characters in log_entry_attr.
The potential impacts of CVE-2024-1062 include service disruption and denial of service due to the heap overflow.