๐Ÿ” CVE Alert

CVE-2024-5953

MEDIUM 5.7

389-ds-base: malformed userpassword hash may cause denial of service

CVSS Score
5.7
EPSS Score
0.0%
EPSS Percentile
0th

A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.

CWE CWE-1288
Published Jun 18, 2024
Last Updated Feb 25, 2026
Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new medium vulnerabilities are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

Red Hat / Red Hat Directory Server 11.5 E4S for RHEL 8
All versions affected
Red Hat / Red Hat Directory Server 11.7 for RHEL 8
All versions affected
Red Hat / Red Hat Directory Server 11.9 for RHEL 8
All versions affected
Red Hat / Red Hat Directory Server 12.2 EUS for RHEL 9
All versions affected
Red Hat / Red Hat Directory Server 12.4 for RHEL 9
All versions affected
Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4633 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:4997 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:5192 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:5690 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6153 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6568 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6569 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:6576 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:7458 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1632 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-5953 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2292104 lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html

Credits

This issue was discovered by Tรชko Mihinto (Red Hat).