Vulnerabilities > CVE-2021-4091 - Double Free vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

port389

redhat

CWE-415

NVD

Published: 2022-02-18

Updated: 2023-04-24

Summary

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.

Vulnerable Configurations

Part	Description	Count
Application	Port389 Port389 389 DS Base - Port389 389 DS Base 1.2.1 Port389 389 DS Base 1.2.2 Port389 389 DS Base 1.2.3 Port389 389 DS Base 1.2.4 Port389 389 DS Base 1.2.5 Port389 389 DS Base 1.2.6 Port389 389 DS Base 1.2.6.1 Port389 389 DS Base 1.2.7 Port389 389 DS Base 1.2.7.1 Port389 389 DS Base 1.2.7.2 Port389 389 DS Base 1.2.7.3 Port389 389 DS Base 1.2.7.4 Port389 389 DS Base 1.2.7.5 Port389 389 DS Base 1.2.8.0 Port389 389 DS Base 1.2.8.1 Port389 389 DS Base 1.2.8.2 Port389 389 DS Base 1.2.8.3 Port389 389 DS Base 1.2.9.0 Port389 389 DS Base 1.2.9.1 Port389 389 DS Base 1.2.9.2 Port389 389 DS Base 1.2.9.3 Port389 389 DS Base 1.2.9.4 Port389 389 DS Base 1.2.9.5 Port389 389 DS Base 1.2.9.6 Port389 389 DS Base 1.2.9.8 Port389 389 DS Base 1.2.9.9 Port389 389 DS Base 1.2.9.10 Port389 389 DS Base 1.2.10.0	29
OS	Redhat Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux FOR Scientific Computing 7.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux FOR Power Little Endian 7.0 Redhat Enterprise Linux FOR Power BIG Endian 7.0 Redhat Enterprise Linux FOR IBM Z Systems 7.0 Redhat Enterprise Linux Desktop 7	7

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References