CVE-2022-0918
HIGH389-ds-base - Unauthenticated Denial of Service via LDAP Message
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2022-0918. PoCs published by NathanMulbrook.
AI-analyzed exploit summary This PoC exploits CVE-2022-0918, a DoS vulnerability in 389 Directory Server (slapd) by sending a malformed LDAP packet to trigger a segmentation fault. The code constructs a crafted packet and sends it to the target server on port 389.
Description
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
Exploits (1)
This PoC exploits CVE-2022-0918, a DoS vulnerability in 389 Directory Server (slapd) by sending a malformed LDAP packet to trigger a segmentation fault. The code constructs a crafted packet and sends it to the target server on port 389.
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H