Security fix for CVE-2024-3657
author Pierre Rogier <progier@redhat.com>
Wed, 17 Apr 2024 16:18:04 +0000 (18:18 +0200)
committer Andrej Shadura <andrewsh@debian.org>
Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)
commit 09729293fce390a9d0724110c0018b4c147438c3
tree a38933af8675edae1c1164955da8ff74b4907cc0
parent 76e2f33aa7a8959a801621f11280c6ba63f09702
Security fix for CVE-2024-3657

Description:
A flaw was found in the 389 Directory Server. A specially-crafted LDAP query
can potentially cause a failure on the directory server, leading to a denial
of service.

Fix Description:
The code was modified to avoid a buffer overflow when logging some requests
in the audit log.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-3657
- https://access.redhat.com/security/cve/CVE-2024-3657
- https://bugzilla.redhat.com/show_bug.cgi?id=2274401

Origin: upstream, commit:1cbd6144eecdfaab0f7a84a92cc3de7ee413ac3f

Gbp-Pq: Name CVE-2024-3657.patch
dirsrvtests/tests/suites/filter/large_filter_test.py
ldap/servers/slapd/back-ldbm/index.c