Vulnerability Description
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection; no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Port389 | 389-Ds-Base | 1.4.0 |
| Redhat | Enterprise Linux | 8.0 |
References
- https://access.redhat.com/security/cve/CVE-2022-0918 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2055815 (Issue Tracking, Third Party Advisory)
- https://github.com/389ds/389-ds-base/issues/5242 (Issue Tracking, Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html (Mailing List)
- https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html (Mailing List)
FAQ
What is CVE-2022-0918?
CVE-2022-0918 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered...
How severe is CVE-2022-0918?
CVE-2022-0918 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-0918?
Check the references section above for vendor advisories and patch information. Affected products include: Port389 389-Ds-Base, Redhat Enterprise Linux.