CVE-2024-3657 - Vulnerability Details

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00596.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Redhat Subscribe	Directory Server Subscribe Directory Server E4s Subscribe Directory Server Eus Subscribe Enterprise Linux Subscribe Rhel Eus Subscribe

No data.

Package	CPE	Advisory	Released Date
Red Hat Directory Server 11.5 E4S for RHEL 8
redhat-ds:11-8060020250210084424.0ca98e7e	cpe:/a:redhat:directory_server_e4s:11.5::el8	RHSA-2025:1632	2025-02-18T00:00:00Z
Red Hat Directory Server 11.7 for RHEL 8
redhat-ds:11-8080020240909040333.f969626e	cpe:/a:redhat:directory_server:11.7::el8	RHSA-2024:6576	2024-09-11T00:00:00Z
Red Hat Directory Server 11.8 for RHEL 8
redhat-ds:11-8090020240606122459.91529cd0	cpe:/a:redhat:directory_server:11.8::el8	RHSA-2024:4209	2024-07-02T00:00:00Z
Red Hat Directory Server 11.9 for RHEL 8
redhat-ds:11-8100020240604161237.37ed7c03	cpe:/a:redhat:directory_server:11.9::el8	RHSA-2024:4210	2024-07-02T00:00:00Z
Red Hat Directory Server 12.2 EUS for RHEL 9
redhat-ds:12-9020020240916150035.1674d574	cpe:/a:redhat:directory_server_eus:12.2::el9	RHSA-2024:7458	2024-10-01T00:00:00Z
Red Hat Directory Server 12.4 for RHEL 9
redhat-ds:12-9040020240604143706.1674d574	cpe:/a:redhat:directory_server:12.4::el9	RHSA-2024:4092	2024-06-25T00:00:00Z
Red Hat Enterprise Linux 7
389-ds-base-0:1.3.11.1-5.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2024:3591	2024-06-04T00:00:00Z
Red Hat Enterprise Linux 8
389-ds:1.4-8100020240613122040.25e700aa	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:4235	2024-07-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
389-ds:1.4-8080020240807050952.6dbb3803	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:5690	2024-08-21T00:00:00Z
Red Hat Enterprise Linux 9
389-ds-base-0:2.4.5-8.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:3837	2024-06-11T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
389-ds-base-0:2.2.4-9.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4633	2024-07-18T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-4021-1	389-ds-base security update
EUVD	EUVD-2024-32233	A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:3591
https://access.redhat.com/errata/RHSA-2024:3837
https://access.redhat.com/errata/RHSA-2024:4092
https://access.redhat.com/errata/RHSA-2024:4209
https://access.redhat.com/errata/RHSA-2024:4210
https://access.redhat.com/errata/RHSA-2024:4235
https://access.redhat.com/errata/RHSA-2024:4633
https://access.redhat.com/errata/RHSA-2024:5690
https://access.redhat.com/errata/RHSA-2024:6576
https://access.redhat.com/errata/RHSA-2024:7458
https://access.redhat.com/errata/RHSA-2025:1632
https://access.redhat.com/security/cve/CVE-2024-3657
https://bugzilla.redhat.com/show_bug.cgi?id=2274401
https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html
https://nvd.nist.gov/vuln/detail/CVE-2024-3657
https://www.cve.org/CVERecord?id=CVE-2024-3657

History

Tue, 04 Nov 2025 06:30:00 +0900

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html

Sat, 05 Jul 2025 12:00:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Tue, 18 Feb 2025 19:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat directory Server E4s
CPEs		cpe:/a:redhat:directory_server_e4s:11.5::el8
Vendors & Products		Redhat directory Server E4s
References		https://access.redhat.com/errata/RHSA-2025:1632

Wed, 02 Oct 2024 03:30:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 02 Oct 2024 02:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat directory Server Eus
CPEs		cpe:/a:redhat:directory_server_eus:12.2::el9
Vendors & Products		Redhat directory Server Eus
References		https://access.redhat.com/errata/RHSA-2024:7458

Wed, 11 Sep 2024 19:30:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:directory_server:11.7::el8
References		https://access.redhat.com/errata/RHSA-2024:6576

Thu, 22 Aug 2024 04:00:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8

Wed, 21 Aug 2024 21:45:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:8.8::appstream
References		https://access.redhat.com/errata/RHSA-2024:5690

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-05-28T12:53:03.399Z

Updated: 2025-11-06T20:56:31.849Z

Reserved: 2024-04-11T14:21:25.571Z

Link: CVE-2024-3657

Vulnrichment

Updated: 2025-11-03T20:37:48.319Z

NVD

Status : Awaiting Analysis

Published: 2024-05-28T13:15:11.057

Modified: 2025-11-03T21:16:16.273

Link: CVE-2024-3657

Redhat

Severity : Important

Publid Date: 2024-05-28T00:00:00Z

Links: CVE-2024-3657 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object