A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Directory_server | Redhat | 11.0 (including) | 11.0 (including) |
| Directory_server | Redhat | 12.0 (including) | 12.0 (including) |
| Enterprise_linux | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux | Redhat | 8.0 (including) | 8.0 (including) |
| Enterprise_linux | Redhat | 9.0 (including) | 9.0 (including) |
| Red Hat Directory Server 11.5 for RHEL 8 | RedHat | redhat-ds:11-8060020221122205230.0ca98e7e | * |
| Red Hat Directory Server 12.0 for RHEL 9 | RedHat | redhat-ds:12-9000020230124175804.fd05c7f4 | * |
| Red Hat Enterprise Linux 7 | RedHat | 389-ds-base-0:1.3.10.2-17.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | 389-ds:1.4-8060020221011200628.824efc52 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | 389-ds:1.4-8040020221110201811.96015a92 | * |
| Red Hat Enterprise Linux 9 | RedHat | 389-ds-base-0:2.1.3-4.el9_1 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | 389-ds-base-0:2.0.14-3.el9_0 | * |
| 389-ds-base | Ubuntu | bionic | * |
| 389-ds-base | Ubuntu | kinetic | * |
| 389-ds-base | Ubuntu | lunar | * |
| 389-ds-base | Ubuntu | mantic | * |
| 389-ds-base | Ubuntu | trusty | * |
| 389-ds-base | Ubuntu | xenial | * |