Upstream information
CVE-2021-3480 at MITRE
Description
A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
CVSS v2 Scores
| | National Vulnerability Database |
|---|
| Base Score | 5 |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
CVSS v3 Scores
| | National Vulnerability Database |
|---|
| Base Score | 7.5 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
No SUSE Bugzilla entries cross referenced.
No SUSE Security Announcements cross referenced.
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
| SUSE Liberty Linux 7 | slapi-nis >= 0.56.5-4.el7_9
| Patchnames:
RHSA-2021:2032 |
| SUSE Liberty Linux 8 | bind-dyndb-ldap >= 11.6-2.module+el8.4.0+9328+4ec4e316custodia >= 0.6.0-3.module+el8.1.0+4098+f286395eipa-client >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-client-common >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-client-epn >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-client-samba >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-common >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-healthcheck >= 0.7-3.module+el8.4.0+9007+5084bdd8ipa-healthcheck-core >= 0.7-3.module+el8.4.0+9007+5084bdd8ipa-python-compat >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-selinux >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-server >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-server-common >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-server-dns >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37ipa-server-trust-ad >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37opendnssec >= 2.1.7-1.module+el8.4.0+9007+5084bdd8python3-custodia >= 0.6.0-3.module+el8.1.0+4098+f286395epython3-ipaclient >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37python3-ipalib >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37python3-ipaserver >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37python3-ipatests >= 4.9.2-3.module+el8.4.0+10412+5ecb5b37python3-jwcrypto >= 0.5.0-1.module+el8.1.0+4098+f286395epython3-kdcproxy >= 0.4-5.module+el8.2.0+4691+a05b2456python3-pyusb >= 1.0.0-9.module+el8.1.0+4098+f286395epython3-qrcode >= 5.1-12.module+el8.1.0+4098+f286395epython3-qrcode-core >= 5.1-12.module+el8.1.0+4098+f286395epython3-yubico >= 1.3.2-9.module+el8.1.0+4098+f286395eslapi-nis >= 0.56.6-2.module+el8.4.0+10615+2234cc2csofthsm >= 2.6.0-5.module+el8.4.0+10227+076cd560softhsm-devel >= 2.6.0-5.module+el8.4.0+10227+076cd560
| Patchnames:
RHSA-2021:1983 |
SUSE Timeline for this CVE
CVE page created: Mon May 17 14:18:01 2021
CVE page last modified: Mon Oct 30 18:12:23 2023
