CVE-2024-2199

Description

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

PUBLISHED Reserved 2024-03-05 | Published 2024-05-28 | Updated 2026-06-26 | Assigner redhat

Problem types

Improper Input Validation

Product status

Timeline

References

access.redhat.com/errata/RHSA-2024:3591 (RHSA-2024:3591) vendor-advisory

access.redhat.com/errata/RHSA-2024:3837 (RHSA-2024:3837) vendor-advisory

access.redhat.com/errata/RHSA-2024:4092 (RHSA-2024:4092) vendor-advisory

access.redhat.com/errata/RHSA-2024:4209 (RHSA-2024:4209) vendor-advisory

access.redhat.com/errata/RHSA-2024:4210 (RHSA-2024:4210) vendor-advisory

access.redhat.com/errata/RHSA-2024:4235 (RHSA-2024:4235) vendor-advisory

access.redhat.com/errata/RHSA-2024:4633 (RHSA-2024:4633) vendor-advisory

access.redhat.com/security/cve/CVE-2024-2199 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2267976 (RHBZ#2267976) issue-tracking

lists.debian.org/debian-lts-announce/2025/01/msg00015.html

access.redhat.com/errata/RHSA-2024:3591 (RHSA-2024:3591) vendor-advisory

access.redhat.com/errata/RHSA-2024:3837 (RHSA-2024:3837) vendor-advisory

access.redhat.com/errata/RHSA-2024:4092 (RHSA-2024:4092) vendor-advisory

access.redhat.com/errata/RHSA-2024:4209 (RHSA-2024:4209) vendor-advisory

access.redhat.com/errata/RHSA-2024:4210 (RHSA-2024:4210) vendor-advisory

access.redhat.com/errata/RHSA-2024:4235 (RHSA-2024:4235) vendor-advisory

access.redhat.com/errata/RHSA-2024:4633 (RHSA-2024:4633) vendor-advisory

access.redhat.com/errata/RHSA-2024:5690 (RHSA-2024:5690) vendor-advisory

access.redhat.com/errata/RHSA-2025:1632 (RHSA-2025:1632) vendor-advisory

access.redhat.com/security/cve/CVE-2024-2199 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2267976 (RHBZ#2267976) issue-tracking

www.port389.org/docs/389ds/releases/release-3-1-1.html

cve.org (CVE-2024-2199)

nvd.nist.gov (CVE-2024-2199)

Download JSON