CVE-2022-2850

Published: 14/10/2022 Updated: 12/02/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

Vulnerability Summary

A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated malicious user to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

Vulnerable Product

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

redhat directory server 11.0

redhat enterprise linux 9.0

redhat directory server 12.0

redhat 389 directory server

fedoraproject fedora 35

fedoraproject fedora 36

Vendor Advisories

Synopsis: Moderate: 389-ds-base security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this u ...
Synopsis: Moderate: 389-ds:1.4 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Se ...
Synopsis: Moderate: 389-ds-base security update. Type/Severity: Security Advisory: Moderate. Topic: An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security ha ...
Debian Bug report logs - #1018054: 389-ds-base: CVE-2022-2850: Sync_repl may crash while managing invalid cookie. Package: src:389-ds-base; Maintainer for src:389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 Aug 2022 19:42 ...
Synopsis: Moderate: 389-ds:1.4 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile ...
Synopsis: Moderate: redhat-ds:11 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.5 for RHEL 8 ...
Synopsis: Moderate: redhat-ds:12 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.0 for RHEL 9. Red Hat Product Security h ...
Synopsis: Moderate: 389-ds-base security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for 389-ds-base is now available for Red Hat Enterprise Linux 9. Red Hat Product Security ha ...
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service (CVE-2022-2850) ...

Github Repositories

CVE-2022-2850: A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. authentication complexity vector not availab