CVE-2021-3514 - log back

CVE-2021-3514 edited at 26 Jul 2021 21:11:45
Description
- A security issue was found in 389-ds-base. When using a sync_repl client, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash of 389-ds-base.
+ A security issue was found in 389-ds-base before version 2.0.5. When using a sync_repl client, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash of 389-ds-base.
CVE-2021-3514 edited at 28 Apr 2021 08:19:16
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue was found in 389-ds-base. When using a sync_repl client, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash of 389-ds-base.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1952907
+ https://github.com/389ds/389-ds-base/issues/4711
+ https://github.com/389ds/389-ds-base/pull/4738
+ https://github.com/389ds/389-ds-base/commit/d7eef2fcfbab2ef8aa6ee0bf60f0a9b16ede66e0
Notes
CVE-2021-3514 created at 28 Apr 2021 08:16:38