NVD Vulnerability Detail

CVE-2024-1062

Summary	A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Publication Date	Feb. 12, 2024, 10:15 p.m.
Registration Date	Feb. 13, 2024, 10 a.m.
Last Update	Nov. 21, 2024, 5:49 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:redhat:389_directory_server::::::::					2.2.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:redhat:directory_server:11.7:::::::*
cpe:2.3:a:redhat:directory_server:11.8:::::::*
cpe:2.3:a:redhat:directory_server:-:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:39:::::::*
cpe:2.3:o:fedoraproject:fedora:40:::::::*
cpe:2.3:o:fedoraproject:fedora:41:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:redhat:directory_server:12.0:::::::*
execution environment
1	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*

Related information, measures and tools

No	URL	タグ
1	https://access.redhat.com/errata/RHSA-2024:1074	Vendor Advisory
2	https://access.redhat.com/errata/RHSA-2024:1372	Vendor Advisory
3	https://access.redhat.com/errata/RHSA-2024:3047	Vendor Advisory
4	https://access.redhat.com/errata/RHSA-2024:4209	Vendor Advisory
5	https://access.redhat.com/errata/RHSA-2024:4633	Vendor Advisory
6	https://access.redhat.com/errata/RHSA-2024:5690	Vendor Advisory
7	https://access.redhat.com/errata/RHSA-2024:7458	Vendor Advisory
8	https://access.redhat.com/security/cve/CVE-2024-1062	Vendor Advisory
9	https://bugzilla.redhat.com/show_bug.cgi?id=2256711	Issue Tracking Vendor Advisory
10	https://bugzilla.redhat.com/show_bug.cgi?id=2261879	Issue Tracking Vendor Advisory
11	https://access.redhat.com/errata/RHSA-2024:1074	Vendor Advisory
12	https://bugzilla.redhat.com/show_bug.cgi?id=2261879	Issue Tracking Vendor Advisory
13	https://bugzilla.redhat.com/show_bug.cgi?id=2256711	Issue Tracking Vendor Advisory
14	https://access.redhat.com/security/cve/CVE-2024-1062	Vendor Advisory
15	https://access.redhat.com/errata/RHSA-2024:4633	Vendor Advisory
16	https://access.redhat.com/errata/RHSA-2024:4209	Vendor Advisory
17	https://access.redhat.com/errata/RHSA-2024:3047	Vendor Advisory
18	https://access.redhat.com/errata/RHSA-2024:1372	Vendor Advisory

Common Vulnerabilities List

JVN Vulnerability Information

レッドハットの 389 Directory Server 等複数ベンダの製品におけるヒープベースのバッファオーバーフローの脆弱性

Title	レッドハットの 389 Directory Server 等複数ベンダの製品におけるヒープベースのバッファオーバーフローの脆弱性
Summary	レッドハットの 389 Directory Server 等複数ベンダの製品には、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 12, 2024, midnight
Registration Date	Oct. 11, 2024, 10:55 a.m.
Last Update	Oct. 11, 2024, 10:55 a.m.

Affected System

レッドハット

389 Directory Server 2.2.0 未満

enterprise linux for arm 64 eus 8.6

enterprise linux for arm 64 eus 8.8

enterprise linux for arm 64 eus 9.2

enterprise linux update services for sap solutions 8.6

enterprise linux update services for sap solutions 8.8

Red Hat Directory Server

Red Hat Directory Server 11.7

Red Hat Directory Server 11.8

Red Hat Directory Server 12.0

Red Hat Enterprise Linux 8.0

Red Hat Enterprise Linux EUS 8.6

Red Hat Enterprise Linux EUS 8.8

Red Hat Enterprise Linux EUS 9.2

Red Hat Enterprise Linux for IBM z Systems 9.2

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

Red Hat Enterprise Linux for Power Little Endian Update Services for SAP Solutions 8.6

Red Hat Enterprise Linux for Power Little Endian Update Services for SAP Solutions 8.8

Red Hat Enterprise Linux for Power Little Endian Update Services for SAP Solutions 9.2

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

Red Hat Enterprise Linux Server AUS 8.6

Red Hat Enterprise Linux Server AUS 9.2

Red Hat Enterprise Linux Server TUS 8.6

Red Hat Enterprise Linux Server TUS 8.8

Fedora Project

Fedora 39

Fedora 40

Fedora 41

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-1062	https://www.cve.org/CVERecord?id=CVE-2024-1062
National Vulnerability Database (NVD)
2	CVE-2024-1062	https://nvd.nist.gov/vuln/detail/CVE-2024-1062

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-122	https://cwe.mitre.org/data/definitions/122.html

その他

No	Name	URL
関連文書
1	access.redhat.com (CVE-2024-1062)	https://access.redhat.com/security/cve/CVE-2024-1062
2	access.redhat.com (RHSA-2024:1074)	https://access.redhat.com/errata/RHSA-2024:1074
3	access.redhat.com (RHSA-2024:1372)	https://access.redhat.com/errata/RHSA-2024:1372
4	access.redhat.com (RHSA-2024:3047)	https://access.redhat.com/errata/RHSA-2024:3047
5	access.redhat.com (RHSA-2024:4209)	https://access.redhat.com/errata/RHSA-2024:4209
6	access.redhat.com (RHSA-2024:4633)	https://access.redhat.com/errata/RHSA-2024:4633
7	access.redhat.com (RHSA-2024:5690)	https://access.redhat.com/errata/RHSA-2024:5690
8	access.redhat.com (RHSA-2024:7458)	https://access.redhat.com/errata/RHSA-2024:7458
9	bugzilla.redhat.com (2256711)	https://bugzilla.redhat.com/show_bug.cgi?id=2256711
10	bugzilla.redhat.com (2261879)	https://bugzilla.redhat.com/show_bug.cgi?id=2261879

Change Log

No	Changed Details	Date of change
1	[2024年10月11日] 掲載	Oct. 11, 2024, 10:55 a.m.

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*