389-ds-base-legacy-tools (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package 389-ds-base-legacy-tools, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2021-4091 — CVSS 7.5 (high): A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series…
CVE-2022-0918 — CVSS 7.5 (high): A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to…
CVE-2024-3657 — CVSS 7.5 (high): A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a…
CVE-2026-9064 — CVSS 7.5 (high): A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the…
CVE-2025-14905 — CVSS 7.2 (high): A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within…
CVE-2022-0996 — CVSS 6.5 (medium): A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
CVE-2022-2850 — CVSS 6.5 (medium): A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer…
CVE-2024-2199 — CVSS 5.7 (medium): A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash…
CVE-2024-5953 — CVSS 5.7 (medium): A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server…
CVE-2024-1062 — CVSS 5.5 (medium): A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in…