A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Slapi-nis | Slapi-nis_project | * | 0.56.7 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | slapi-nis-0:0.56.5-4.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | idm:DL1-8040020210416132749.5b01ab7e | * |
| Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | idm:DL1-8010020210426160345.6573b795 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | idm:DL1-8020020210426160405.792f4060 | * |
| Slapi-nis | Ubuntu | bionic | * |
| Slapi-nis | Ubuntu | groovy | * |
| Slapi-nis | Ubuntu | hirsute | * |
| Slapi-nis | Ubuntu | impish | * |
| Slapi-nis | Ubuntu | kinetic | * |
| Slapi-nis | Ubuntu | lunar | * |
| Slapi-nis | Ubuntu | mantic | * |
| Slapi-nis | Ubuntu | trusty | * |
| Slapi-nis | Ubuntu | xenial | * |