{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8445", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-09-05T00:28:32.318Z", "datePublished": "2024-09-05T14:24:01.125Z", "dateUpdated": "2025-07-04T10:26:37.834Z"}, "containers": {"cna": {"title": "389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input."}], "affected": [{"versions": [{"status": "affected", "version": "3.1.1", "versionType": "semver"}], "packageName": "389-ds-base", "collectionURL": "https://github.com/389ds/389-ds-base", "defaultStatus": "unknown"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "affected", "versions": [{"version": "0:1.3.11.1-7.el7_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_els:7"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 11", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:11/389-ds-base", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:directory_server:11"]}, {"vendor": "Red Hat", "product": "Red Hat Directory Server 12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "redhat-ds:12/389-ds-base", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:directory_server:12"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds:1.4/389-ds-base", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "389-ds-base", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:7434", "name": "RHSA-2024:7434", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-8445", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310110", "name": "RHBZ#2310110", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-09-05T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-20: Improper Input Validation", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-09-05T00:18:40.983000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-05T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-04T10:26:37.834Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T19:58:06.641154Z", "id": "CVE-2024-8445", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T19:58:15.942Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8445", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-05T19:58:06.641154Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T19:58:11.798Z"}}], "cna": {"title": "389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199)", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "3.1.1", "versionType": "semver"}], "packageName": "389-ds-base", "collectionURL": "https://github.com/389ds/389-ds-base", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:rhel_els:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "versions": [{"status": "unaffected", "version": "0:1.3.11.1-7.el7_9", "lessThan": "*", "versionType": "rpm"}], "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:directory_server:11"], "vendor": "Red Hat", "product": "Red Hat Directory Server 11", "packageName": "redhat-ds:11/389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:directory_server:12"], "vendor": "Red Hat", "product": "Red Hat Directory Server 12", "packageName": "redhat-ds:12/389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "389-ds:1.4/389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "389-ds-base", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-09-05T00:18:40.983000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-09-05T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-09-05T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:7434", "name": "RHSA-2024:7434", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-8445", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310110", "name": "RHBZ#2310110", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-07-04T10:26:37.834Z"}, "x_redhatCweChain": "CWE-20: Improper Input Validation"}}, "cveMetadata": {"cveId": "CVE-2024-8445", "state": "PUBLISHED", "dateUpdated": "2025-07-04T10:26:37.834Z", "dateReserved": "2024-09-05T00:28:32.318Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-09-05T14:24:01.125Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input."}, {"lang": "es", "value": "La correcci\u00f3n de CVE-2024-2199 en 389-ds-base no fue suficiente para cubrir todos los escenarios. En ciertas versiones del producto, un usuario autenticado puede provocar un bloqueo del servidor al modificar `userPassword` mediante una entrada mal formada."}], "id": "CVE-2024-8445", "lastModified": "2024-10-01T06:15:02.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-09-05T15:15:16.927", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:7434"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-8445"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310110"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7434", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "389-ds-base-0:1.3.11.1-7.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-10-01T00:00:00Z"}], "bugzilla": {"description": "389-ds-base: server crash while modifying `userPassword` using malformed input (Incomplete fix for CVE-2024-2199)", "id": "2310110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310110"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.", "The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-8445", "package_state": [{"cpe": "cpe:/a:redhat:directory_server:11", "fix_state": "Not affected", "package_name": "redhat-ds:11/389-ds-base", "product_name": "Red Hat Directory Server 11"}, {"cpe": "cpe:/a:redhat:directory_server:12", "fix_state": "Not affected", "package_name": "redhat-ds:12/389-ds-base", "product_name": "Red Hat Directory Server 12"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "389-ds:1.4/389-ds-base", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-8445\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-8445"], "threat_severity": "Moderate"}