Vulnerability Description
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly and crash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Port389 | 389-Ds-Base | < 1.3.10.2 |
| Redhat | Enterprise Linux Desktop | 7 |
| Redhat | Enterprise Linux For IBM Z Systems | 7.0 |
| Redhat | Enterprise Linux For Power Big Endian | 7.0 |
| Redhat | Enterprise Linux For Power Little Endian | 7.0 |
| Redhat | Enterprise Linux For Scientific Computing | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2030307 (Issue Tracking, Patch, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html
FAQ
What is CVE-2021-4091?
CVE-2021-4091 is a vulnerability with a CVSS score of 7.5 (HIGH). A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly,...
How severe is CVE-2021-4091?
CVE-2021-4091 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-4091?
Check the references section above for vendor advisories and patch information. Affected products include: Port389 389-Ds-Base, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux For IBM Z Systems, Redhat Enterprise Linux For Power Big Endian, Redhat Enterprise Linux For Power Little Endian.