CVE-2024-2199 - Vulnerability Details

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00133.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat Subscribe	Directory Server Subscribe Directory Server E4s Subscribe Enterprise Linux Subscribe Rhel Eus Subscribe

No data.

Package	CPE	Advisory	Released Date
Red Hat Directory Server 11.5 E4S for RHEL 8
redhat-ds:11-8060020250210084424.0ca98e7e	cpe:/a:redhat:directory_server_e4s:11.5::el8	RHSA-2025:1632	2025-02-18T00:00:00Z
Red Hat Directory Server 11.8 for RHEL 8
redhat-ds:11-8090020240606122459.91529cd0	cpe:/a:redhat:directory_server:11.8::el8	RHSA-2024:4209	2024-07-02T00:00:00Z
Red Hat Directory Server 11.9 for RHEL 8
redhat-ds:11-8100020240604161237.37ed7c03	cpe:/a:redhat:directory_server:11.9::el8	RHSA-2024:4210	2024-07-02T00:00:00Z
Red Hat Directory Server 12.4 for RHEL 9
redhat-ds:12-9040020240604143706.1674d574	cpe:/a:redhat:directory_server:12.4::el9	RHSA-2024:4092	2024-06-25T00:00:00Z
Red Hat Enterprise Linux 7
389-ds-base-0:1.3.11.1-5.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2024:3591	2024-06-04T00:00:00Z
Red Hat Enterprise Linux 8
389-ds:1.4-8100020240613122040.25e700aa	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:4235	2024-07-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
389-ds:1.4-8080020240807050952.6dbb3803	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:5690	2024-08-21T00:00:00Z
Red Hat Enterprise Linux 9
389-ds-base-0:2.4.5-8.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:3837	2024-06-11T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
389-ds-base-0:2.2.4-9.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4633	2024-07-18T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4021-1	389-ds-base security update
EUVD	EUVD-2024-27159	A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:3591
https://access.redhat.com/errata/RHSA-2024:3837
https://access.redhat.com/errata/RHSA-2024:4092
https://access.redhat.com/errata/RHSA-2024:4209
https://access.redhat.com/errata/RHSA-2024:4210
https://access.redhat.com/errata/RHSA-2024:4235
https://access.redhat.com/errata/RHSA-2024:4633
https://access.redhat.com/errata/RHSA-2024:5690
https://access.redhat.com/errata/RHSA-2025:1632
https://access.redhat.com/security/cve/CVE-2024-2199
https://bugzilla.redhat.com/show_bug.cgi?id=2267976
https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html
https://nvd.nist.gov/vuln/detail/CVE-2024-2199
https://www.cve.org/CVERecord?id=CVE-2024-2199

History

Tue, 04 Nov 2025 06:30:00 +0900

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html

Wed, 16 Jul 2025 22:45:00 +0900

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00133}`	epss `{'score': 0.00137}`

Tue, 18 Feb 2025 19:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat directory Server E4s
CPEs		cpe:/a:redhat:directory_server_e4s:11.5::el8
Vendors & Products		Redhat directory Server E4s
References		https://access.redhat.com/errata/RHSA-2025:1632

Mon, 25 Nov 2024 01:15:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 22 Aug 2024 04:00:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8

Wed, 21 Aug 2024 21:45:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8::appstream
References		https://access.redhat.com/errata/RHSA-2024:5690

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-05-28T12:04:07.401Z

Updated: 2025-11-06T21:48:49.923Z

Reserved: 2024-03-05T18:54:52.210Z

Link: CVE-2024-2199

Vulnrichment

Updated: 2025-11-03T20:36:43.979Z

NVD

Status : Awaiting Analysis

Published: 2024-05-28T12:15:08.950

Modified: 2025-11-03T21:16:09.207

Link: CVE-2024-2199

Redhat

Severity : Moderate

Publid Date: 2024-05-28T00:00:00Z

Links: CVE-2024-2199 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object