When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| 389_directory_server | Redhat | - (including) | - (including) |
| Red Hat Directory Server 11.3 for RHEL 8 | RedHat | redhat-ds:11-8040020220114174559.d9abee45 | * |
| Red Hat Directory Server 11.4 for RHEL 8 | RedHat | redhat-ds:11-8050020210920153716.d3df4063 | * |
| Red Hat Enterprise Linux 8 | RedHat | 389-ds:1.4-8040020210616143519.96015a92 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | 389-ds:1.4-8020020210515224321.dbc46ba7 | * |
| 389-ds-base | Ubuntu | bionic | * |
| 389-ds-base | Ubuntu | esm-apps/bionic | * |
| 389-ds-base | Ubuntu | esm-apps/focal | * |
| 389-ds-base | Ubuntu | esm-apps/xenial | * |
| 389-ds-base | Ubuntu | focal | * |
| 389-ds-base | Ubuntu | groovy | * |
| 389-ds-base | Ubuntu | hirsute | * |
| 389-ds-base | Ubuntu | impish | * |
| 389-ds-base | Ubuntu | trusty | * |
| 389-ds-base | Ubuntu | upstream | * |
| 389-ds-base | Ubuntu | xenial | * |