Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-6237

CVE-2024-6237

MEDIUM6.5

389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request

Published Jul 9, 2024

Modified 3 months ago

Details

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

References

https://access.redhat.com/errata/RHSA-2024:4997

https://access.redhat.com/errata/RHSA-2024:5192

https://access.redhat.com/security/cve/CVE-2024-6237

https://bugzilla.redhat.com/show_bug.cgi?id=2293579

https://github.com/389ds/389-ds-base/issues/5989

https://www.cve.org/CVERecord?id=CVE-2024-6237

CVSS Analysis

CVSS v3.1

6.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedJul 9, 2024

ModifiedNov 20, 2025

CVE-2024-6237 | Mondoo Vulnerability Intelligence