CVE-2024-3657 - Vulnerability Details

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Redhat	Directory Server Directory Server E4s Directory Server Eus Enterprise Linux Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Directory Server 11.5 E4S for RHEL 8
redhat-ds:11-8060020250210084424.0ca98e7e	cpe:/a:redhat:directory_server_e4s:11.5::el8	RHSA-2025:1632	2025-02-18T00:00:00Z
Red Hat Directory Server 11.7 for RHEL 8
redhat-ds:11-8080020240909040333.f969626e	cpe:/a:redhat:directory_server:11.7::el8	RHSA-2024:6576	2024-09-11T00:00:00Z
Red Hat Directory Server 11.8 for RHEL 8
redhat-ds:11-8090020240606122459.91529cd0	cpe:/a:redhat:directory_server:11.8::el8	RHSA-2024:4209	2024-07-02T00:00:00Z
Red Hat Directory Server 11.9 for RHEL 8
redhat-ds:11-8100020240604161237.37ed7c03	cpe:/a:redhat:directory_server:11.9::el8	RHSA-2024:4210	2024-07-02T00:00:00Z
Red Hat Directory Server 12.2 EUS for RHEL 9
redhat-ds:12-9020020240916150035.1674d574	cpe:/a:redhat:directory_server_eus:12.2::el9	RHSA-2024:7458	2024-10-01T00:00:00Z
Red Hat Directory Server 12.4 for RHEL 9
redhat-ds:12-9040020240604143706.1674d574	cpe:/a:redhat:directory_server:12.4::el9	RHSA-2024:4092	2024-06-25T00:00:00Z
Red Hat Enterprise Linux 7
389-ds-base-0:1.3.11.1-5.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2024:3591	2024-06-04T00:00:00Z
Red Hat Enterprise Linux 8
389-ds:1.4-8100020240613122040.25e700aa	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:4235	2024-07-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
389-ds:1.4-8080020240807050952.6dbb3803	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:5690	2024-08-21T00:00:00Z
Red Hat Enterprise Linux 9
389-ds-base-0:2.4.5-8.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:3837	2024-06-11T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
389-ds-base-0:2.2.4-9.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4633	2024-07-18T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:3591
https://access.redhat.com/errata/RHSA-2024:3837
https://access.redhat.com/errata/RHSA-2024:4092
https://access.redhat.com/errata/RHSA-2024:4209
https://access.redhat.com/errata/RHSA-2024:4210
https://access.redhat.com/errata/RHSA-2024:4235
https://access.redhat.com/errata/RHSA-2024:4633
https://access.redhat.com/errata/RHSA-2024:5690
https://access.redhat.com/errata/RHSA-2024:6576
https://access.redhat.com/errata/RHSA-2024:7458
https://access.redhat.com/errata/RHSA-2025:1632
https://access.redhat.com/security/cve/CVE-2024-3657
https://bugzilla.redhat.com/show_bug.cgi?id=2274401
https://nvd.nist.gov/vuln/detail/CVE-2024-3657
https://www.cve.org/CVERecord?id=CVE-2024-3657

History

Tue, 18 Feb 2025 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat directory Server E4s
CPEs		cpe:/a:redhat:directory_server_e4s:11.5::el8
Vendors & Products		Redhat directory Server E4s
References		https://access.redhat.com/errata/RHSA-2025:1632

Tue, 01 Oct 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 01 Oct 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat directory Server Eus
CPEs		cpe:/a:redhat:directory_server_eus:12.2::el9
Vendors & Products		Redhat directory Server Eus
References		https://access.redhat.com/errata/RHSA-2024:7458

Wed, 11 Sep 2024 10:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:directory_server:11.7::el8
References		https://access.redhat.com/errata/RHSA-2024:6576

Wed, 21 Aug 2024 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8

Wed, 21 Aug 2024 12:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8::appstream
References		https://access.redhat.com/errata/RHSA-2024:5690

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-05-28T12:53:03.399Z

Updated: 2025-02-18T10:16:12.767Z

Reserved: 2024-04-11T14:21:25.571Z

Link: CVE-2024-3657

Vulnrichment

Updated: 2024-08-01T20:20:00.332Z

NVD

Status : Awaiting Analysis

Published: 2024-05-28T13:15:11.057

Modified: 2025-02-18T11:15:12.433

Link: CVE-2024-3657

Redhat

Severity : Important

Publid Date: 2024-05-28T00:00:00Z

Links: CVE-2024-3657 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3657", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-04-11T14:21:25.571Z", "datePublished": "2024-05-28T12:53:03.399Z", "dateUpdated": "2025-02-18T10:16:12.767Z"}, "containers": {"cna": {"title": "389-ds-base: potential denial of service via specially crafted kerberos as-req request", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service"}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Directory Server 11.5 E4S for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11", "defaultStatus": "affected", "versions": [{"version": "8060020250210084424.0ca98e7e", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server_e4s:11.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 11.7 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11", "defaultStatus": "affected", "versions": [{"version": "8080020240909040333.f969626e", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server:11.7::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 11.8 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11", "defaultStatus": "affected", "versions": [{"version": "8090020240606122459.91529cd0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server:11.8::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 11.9 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11", "defaultStatus": "affected", "versions": [{"version": "8100020240604161237.37ed7c03", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server:11.9::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12.2 EUS for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12", "defaultStatus": "affected", "versions": [{"version": "9020020240916150035.1674d574", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server_eus:12.2::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12.4 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12", "defaultStatus": "affected", "versions": [{"version": "9040020240604143706.1674d574", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:directory_server:12.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:1.3.11.1-5.el7_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8100020240613122040.25e700aa", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4", "defaultStatus": "affected", "versions": [{"version": "8080020240807050952.6dbb3803", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:2.4.5-8.el9_4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:2.2.4-9.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3591", "name": "RHSA-2024:3591", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3837", "name": "RHSA-2024:3837", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4092", "name": "RHSA-2024:4092", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4209", "name": "RHSA-2024:4209", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4210", "name": "RHSA-2024:4210", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4235", "name": "RHSA-2024:4235", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4633", "name": "RHSA-2024:4633", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5690", "name": "RHSA-2024:5690", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6576", "name": "RHSA-2024:6576", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7458", "name": "RHSA-2024:7458", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1632", "name": "RHSA-2025:1632", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3657", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401", "name": "RHBZ#2274401", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-05-28T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-20: Improper Input Validation", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-04-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-28T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-18T10:16:12.767Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-05T20:48:33.613730Z", "id": "CVE-2024-3657", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T20:49:13.347Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.332Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3591", "name": "RHSA-2024:3591", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3837", "name": "RHSA-2024:3837", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4092", "name": "RHSA-2024:4092", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4209", "name": "RHSA-2024:4209", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4210", "name": "RHSA-2024:4210", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4235", "name": "RHSA-2024:4235", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4633", "name": "RHSA-2024:4633", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3657", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401", "name": "RHBZ#2274401", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3591", "name": "RHSA-2024:3591", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3837", "name": "RHSA-2024:3837", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4092", "name": "RHSA-2024:4092", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4209", "name": "RHSA-2024:4209", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4210", "name": "RHSA-2024:4210", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4235", "name": "RHSA-2024:4235", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4633", "name": "RHSA-2024:4633", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3657", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401", "name": "RHBZ#2274401", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.332Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3657", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-05T20:48:33.613730Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-05T20:49:00.838Z"}}], "cna": {"title": "389-ds-base: potential denial of service via specially crafted kerberos as-req request", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/a:redhat:directory_server_e4s:11.5::el8"], "vendor": "Red Hat", "product": "Red Hat Directory Server 11.5 E4S for RHEL 8", "versions": [{"status": "unaffected", "version": "8060020250210084424.0ca98e7e", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server:11.7::el8"], "vendor": "Red Hat", "product": "Red Hat Directory Server 11.7 for RHEL 8", "versions": [{"status": "unaffected", "version": "8080020240909040333.f969626e", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server:11.8::el8"], "vendor": "Red Hat", "product": "Red Hat Directory Server 11.8 for RHEL 8", "versions": [{"status": "unaffected", "version": "8090020240606122459.91529cd0", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server:11.9::el8"], "vendor": "Red Hat", "product": "Red Hat Directory Server 11.9 for RHEL 8", "versions": [{"status": "unaffected", "version": "8100020240604161237.37ed7c03", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server_eus:12.2::el9"], "vendor": "Red Hat", "product": "Red Hat Directory Server 12.2 EUS for RHEL 9", "versions": [{"status": "unaffected", "version": "9020020240916150035.1674d574", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server:12.4::el9"], "vendor": "Red Hat", "product": "Red Hat Directory Server 12.4 for RHEL 9", "versions": [{"status": "unaffected", "version": "9040020240604143706.1674d574", "lessThan": "*", "versionType": "rpm"}], "packageName": "redhat-ds:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::computenode"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "versions": [{"status": "unaffected", "version": "0:1.3.11.1-5.el7_9", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "8100020240613122040.25e700aa", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "8080020240807050952.6dbb3803", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds:1.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:2.4.5-8.el9_4", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:2.2.4-9.el9_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2024-04-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-05-28T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-05-28T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:3591", "name": "RHSA-2024:3591", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:3837", "name": "RHSA-2024:3837", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4092", "name": "RHSA-2024:4092", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4209", "name": "RHSA-2024:4209", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4210", "name": "RHSA-2024:4210", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4235", "name": "RHSA-2024:4235", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4633", "name": "RHSA-2024:4633", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:5690", "name": "RHSA-2024:5690", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6576", "name": "RHSA-2024:6576", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:7458", "name": "RHSA-2024:7458", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1632", "name": "RHSA-2025:1632", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-3657", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401", "name": "RHBZ#2274401", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-02-18T10:16:12.767Z"}, "x_redhatCweChain": "CWE-20: Improper Input Validation"}}, "cveMetadata": {"cveId": "CVE-2024-3657", "state": "PUBLISHED", "dateUpdated": "2025-02-18T10:16:12.767Z", "dateReserved": "2024-04-11T14:21:25.571Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-05-28T12:53:03.399Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service"}, {"lang": "es", "value": "Se encontr\u00f3 una falla en 389-ds-base. Una consulta LDAP especialmente manipulada puede causar potencialmente una falla en el servidor de directorio, lo que lleva a una denegaci\u00f3n de servicio."}], "id": "CVE-2024-3657", "lastModified": "2025-02-18T11:15:12.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-05-28T13:15:11.057", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3591"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3837"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4092"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4209"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4210"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4235"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4633"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:5690"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:6576"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:7458"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1632"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-3657"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3837"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:4092"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:4209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:4210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:4235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:4633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2024-3657"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1632", "cpe": "cpe:/a:redhat:directory_server_e4s:11.5::el8", "package": "redhat-ds:11-8060020250210084424.0ca98e7e", "product_name": "Red Hat Directory Server 11.5 E4S for RHEL 8", "release_date": "2025-02-18T00:00:00Z"}, {"advisory": "RHSA-2024:6576", "cpe": "cpe:/a:redhat:directory_server:11.7::el8", "package": "redhat-ds:11-8080020240909040333.f969626e", "product_name": "Red Hat Directory Server 11.7 for RHEL 8", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:4209", "cpe": "cpe:/a:redhat:directory_server:11.8::el8", "package": "redhat-ds:11-8090020240606122459.91529cd0", "product_name": "Red Hat Directory Server 11.8 for RHEL 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:4210", "cpe": "cpe:/a:redhat:directory_server:11.9::el8", "package": "redhat-ds:11-8100020240604161237.37ed7c03", "product_name": "Red Hat Directory Server 11.9 for RHEL 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:7458", "cpe": "cpe:/a:redhat:directory_server_eus:12.2::el9", "package": "redhat-ds:12-9020020240916150035.1674d574", "product_name": "Red Hat Directory Server 12.2 EUS for RHEL 9", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:4092", "cpe": "cpe:/a:redhat:directory_server:12.4::el9", "package": "redhat-ds:12-9040020240604143706.1674d574", "product_name": "Red Hat Directory Server 12.4 for RHEL 9", "release_date": "2024-06-25T00:00:00Z"}, {"advisory": "RHSA-2024:3591", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "389-ds-base-0:1.3.11.1-5.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-06-04T00:00:00Z"}, {"advisory": "RHSA-2024:4235", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "389-ds:1.4-8100020240613122040.25e700aa", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:5690", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "389-ds:1.4-8080020240807050952.6dbb3803", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-21T00:00:00Z"}, {"advisory": "RHSA-2024:3837", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "389-ds-base-0:2.4.5-8.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-06-11T00:00:00Z"}, {"advisory": "RHSA-2024:4633", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "389-ds-base-0:2.2.4-9.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-18T00:00:00Z"}], "bugzilla": {"description": "389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request", "id": "2274401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274401"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service", "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-3657", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2024-05-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3657\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3657"], "statement": "This vulnerability is categorized as an important severity issue rather than a critical one because, while it can cause a denial of service by stopping the directory service, it does not allow for remote code execution, privilege escalation, or data exfiltration. The impact is limited to service disruption, which can be mitigated by monitoring and automatic service restarts. Additionally, exploiting this vulnerability requires specific crafted packets, indicating that an attacker would need a certain level of knowledge and access to execute the attack, reducing the likelihood of widespread exploitation.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object