Security fix for CVE-2024-3657
author Pierre Rogier <progier@redhat.com>
Wed, 17 Apr 2024 16:18:04 +0000 (18:18 +0200)
committer Andrej Shadura <andrewsh@debian.org>
Thu, 16 Jan 2025 16:16:37 +0000 (17:16 +0100)
commit b00e568f7a957b1716a9996cc907f64263bbed97
tree dd388eba7eb7d1894dd694aa389c824f821d4056
parent 5575f7f26c03ea799940ec9853487448f4a91a48
Security fix for CVE-2024-3657

Description:
A flaw was found in the 389 Directory Server. A specially-crafted LDAP query
can potentially cause a failure on the directory server, leading to a denial
of service.

Fix Description:
The code was modified to avoid a buffer overflow when logging some requests
in the audit log.

References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-3657
- https://access.redhat.com/security/cve/CVE-2024-3657
- https://bugzilla.redhat.com/show_bug.cgi?id=2274401

Gbp-Pq: Name CVE-2024-3657.patch
dirsrvtests/tests/suites/filter/large_filter_test.py
ldap/servers/slapd/back-ldbm/index.c