CVE-2022-2850

Published: 14/10/2022 Updated: 18/05/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated malicious user to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

Vulnerable Product

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

redhat directory server 11.0

redhat enterprise linux 9.0

redhat directory server 12.0

fedoraproject fedora 35

fedoraproject fedora 36

port389 389-ds-base

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #1018054: 389-ds-base: CVE-2022-2850: Sync_repl may crash while managing invalid cookie. Package: src:389-ds-base; Maintainer for src:389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 24 Aug 2022 19:42 ...
Synopsis: Moderate: 389-ds:1.4 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Se ...
Synopsis: Moderate: 389-ds-base security update. Type/Severity: Security Advisory: Moderate. Topic: An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security ha ...
Synopsis: Moderate: 389-ds:1.4 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile ...
Synopsis: Moderate: redhat-ds:12 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.0 for RHEL 9. Red Hat Product Security h ...
Synopsis: Moderate: 389-ds-base security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for 389-ds-base is now available for Red Hat Enterprise Linux 9. Red Hat Product Security ha ...
Synopsis: Moderate: 389-ds-base security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this u ...
Synopsis: Moderate: redhat-ds:11 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.5 for RHEL 8 ...
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. (CVE-2022-2850) ...