CVE-2024-49121

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name	Vendor	Start Version	End Version
Windows_10_1507	Microsoft	*	10.0.10240.20857 (excluding)
Windows_10_1607	Microsoft	*	10.0.14393.7606 (excluding)
Windows_10_1809	Microsoft	*	10.0.17763.6659 (excluding)
Windows_10_21h2	Microsoft	*	10.0.19044.5247 (excluding)
Windows_10_22h2	Microsoft	*	10.0.19045.5247 (excluding)
Windows_11_22h2	Microsoft	*	10.0.22621.4602 (excluding)
Windows_11_23h2	Microsoft	*	10.0.22631.4602 (excluding)
Windows_11_24h2	Microsoft	*	10.0.26100.2605 (excluding)
Windows_server_2008	Microsoft	–sp2 (including)	–sp2 (including)
Windows_server_2008	Microsoft	r2-sp1 (including)	r2-sp1 (including)
Windows_server_2012	Microsoft	- (including)	- (including)
Windows_server_2012	Microsoft	r2 (including)	r2 (including)
Windows_server_2016	Microsoft	*	10.0.14393.7606 (excluding)
Windows_server_2019	Microsoft	*	10.0.17763.6659 (excluding)
Windows_server_2022	Microsoft	*	10.0.20348.2966 (excluding)
Windows_server_2022_23h2	Microsoft	*	10.0.25398.1308 (excluding)
Windows_server_2025	Microsoft	*	10.0.26100.2605 (excluding)

Potential Mitigations

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49121

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-49121
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References