CVE Vulnerabilities

CVE-2022-2850

NULL Pointer Dereference

Published: Oct 14, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Directory_server Redhat 11.0 (including) 11.0 (including)
Directory_server Redhat 12.0 (including) 12.0 (including)
Enterprise_linux Redhat 6.0 (including) 6.0 (including)
Enterprise_linux Redhat 7.0 (including) 7.0 (including)
Enterprise_linux Redhat 8.0 (including) 8.0 (including)
Enterprise_linux Redhat 9.0 (including) 9.0 (including)
Red Hat Directory Server 11.5 for RHEL 8 RedHat redhat-ds:11-8060020221122205230.0ca98e7e *
Red Hat Directory Server 12.0 for RHEL 9 RedHat redhat-ds:12-9000020230124175804.fd05c7f4 *
Red Hat Enterprise Linux 7 RedHat 389-ds-base-0:1.3.10.2-17.el7_9 *
Red Hat Enterprise Linux 8 RedHat 389-ds:1.4-8060020221011200628.824efc52 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat 389-ds:1.4-8040020221110201811.96015a92 *
Red Hat Enterprise Linux 9 RedHat 389-ds-base-0:2.1.3-4.el9_1 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat 389-ds-base-0:2.0.14-3.el9_0 *
389-ds-base Ubuntu bionic *
389-ds-base Ubuntu kinetic *
389-ds-base Ubuntu lunar *
389-ds-base Ubuntu mantic *
389-ds-base Ubuntu trusty *
389-ds-base Ubuntu xenial *

Potential Mitigations

References