CVE-2024-6237

{"id": "CVE-2024-6237", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-07-09T17:15:48.960", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4997", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:5192", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-6237", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://github.com/389ds/389-ds-base/issues/5989", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-230"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en 389 Directory Server. Este fallo permite que un usuario no autenticado provoque un fallo sistem\u00e1tico del servidor mientras env\u00eda una solicitud de b\u00fasqueda extendida espec\u00edfica, lo que lleva a una denegaci\u00f3n de servicio."}], "lastModified": "2024-08-29T18:15:14.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3DAF61A-58A9-41A6-A4DC-64148055B0C1"}, {"criteria": "cpe:2.3:o:redhat:389_directory_server:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A861110D-0BBC-4052-BBFD-F718F6CD72C5"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}