CVE-2022-0918

Summary

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.

Affected Software

VendorProductVersion RangeStatus
n/a389-ds-base1.4affected

Weaknesses

  • Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References