CVE-2024-5953: 389-ds-base: malformed userpassword hash may cause denial of service

Description

A denial of service vulnerability was found in the 389-ds-base LDAP server. An authenticated user may be able to cause a denial of service on the server by attempting to log in as a user whose password contains a malformed hash.

Classification

CVE ID: CVE-2024-5953

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.6% (probability of being exploited)

EPSS Percentile: 66.64% (share of vulnerabilities with a score less than or equal to this one)

EPSS Date: 2025-03-19 (when this score was calculated)

References

https://access.redhat.com/errata/RHSA-2024:4633
https://access.redhat.com/errata/RHSA-2024:4997
https://access.redhat.com/errata/RHSA-2024:5192
https://access.redhat.com/errata/RHSA-2024:5690
https://access.redhat.com/errata/RHSA-2024:6153
https://access.redhat.com/errata/RHSA-2024:6568
https://access.redhat.com/errata/RHSA-2024:6569
https://access.redhat.com/errata/RHSA-2024:6576
https://access.redhat.com/errata/RHSA-2024:7458
https://access.redhat.com/errata/RHSA-2025:1632
https://access.redhat.com/security/cve/CVE-2024-5953
https://bugzilla.redhat.com/show_bug.cgi?id=2292104

Timeline