CVE-2024-49113

HIGH

Windows LDAP - Denial of Service via Out-of-bounds Read


Exploitation Summary

EIP tracks 6 public exploits for CVE-2024-49113. PoCs published by SafeBreach-Labs, barcrange, Sachinart.


Description

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Exploits (6)

nomisec WORKING POC 516 stars
by SafeBreach-Labs · poc
https://github.com/SafeBreach-Labs/CVE-2024-49113

This repository contains a functional exploit for CVE-2024-49113, a critical vulnerability in Windows LDAP client. The exploit triggers a crash in the target system by leveraging the Netlogon Remote Protocol (NRPC) and sending a crafted LDAP response.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows LDAP client (specific version not specified)
No auth needed
Prerequisites: Attacker-controlled domain with specific DNS SRV records · Network access to the target system
devstral-2 · analyzed Feb 18, 2026

nomisec SCANNER 10 stars
by barcrange · poc
https://github.com/barcrange/CVE-2024-49113-Checker

This repository contains a Python script that checks for conditions indicating potential vulnerability to CVE-2024-49113 (LDAP Nightmare). It verifies RPC connectivity, LDAP port availability, Netlogon service presence, and LDAP callback responses without exploiting the vulnerability.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows Active Directory (specific version not specified)
No auth needed
Prerequisites: Network access to target systems · Open RPC (49664) and LDAP (389) ports
devstral-2 · analyzed Feb 18, 2026

nomisec SCANNER 3 stars
by Sachinart · poc
https://github.com/Sachinart/CVE-2024-49113-Checker

This repository contains a multi-threaded scanner for CVE-2024-49113, which checks for vulnerable LDAP and RPC services by verifying port connectivity and Netlogon service availability. It does not include exploit code but identifies potentially vulnerable hosts.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows Netlogon Service
No auth needed
Prerequisites: Network access to target hosts · LDAP and RPC ports (389, 49664) accessible
devstral-2 · analyzed Feb 18, 2026

github WORKING POC
by alphatin123 · python · poc
https://github.com/alphatin123/CVE-2024-49113

This repository contains a functional PoC for CVE-2024-49113, a Windows LDAP DoS vulnerability. The exploit triggers a crash in unpatched Windows systems by sending a malformed LDAP request via a custom LDAP server and RPC call.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows LDAP (Windows Server 2019, 2022; Windows 10/11 unpatched)
No auth needed
Prerequisites: Target with port 389 open · Unpatched Windows system (pre-KB5048239)
devstral-2 · analyzed Apr 30, 2026

gitlab WORKING POC
by ksmith51 · poc
https://gitlab.com/ksmith51/CVE-2024-49113

This repository contains a functional exploit for CVE-2024-49113, a critical vulnerability in Windows LDAP client. The exploit leverages the Netlogon Remote Protocol (NRPC) to trigger a crash on target Windows Server systems by sending a crafted LDAP response with a referral.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows LDAP client (specific versions not specified)
No auth needed
Prerequisites: Attacker-controlled domain with specific DNS SRV records · Network access to target IP · Python dependencies (ldaptor, impacket)
devstral-2 · analyzed Feb 23, 2026

nomisec WORKING POC
by 0xMetr0 · poc
https://github.com/0xMetr0/metasploit-ldapnightmare

This repository contains a functional Metasploit module for CVE-2024-49113, a Windows LDAP client vulnerability causing system instability. The module integrates with Metasploit, sets up an asynchronous LDAP server, and triggers the vulnerability via a crafted DsrGetDcNameEx2 RPC call.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Windows LDAP client
No auth needed
Prerequisites: Python 3.5+ · Metasploit Framework · ldaptor · impacket · DNS SRV records configured
devstral-2 · analyzed Feb 18, 2026


Scores

CVSS v3 7.5
EPSS 0.8364
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE: CWE-125
Status: published
Products (42)
Microsoft/Windows 10 Version 1507 10.0.10240.0 - 10.0.10240.20857
Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.7606
Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.6659
Microsoft/Windows 10 Version 21H2 10.0.19043.0 - 10.0.19044.5247
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.5247
Microsoft/Windows 11 version 22H2 10.0.22621.0 - 10.0.22621.4602
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.4602
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.4602
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.2605
Microsoft/Windows Server 2008 Service Pack 2 6.0.6003.0 - 6.0.6003.23016
... and 32 more
Published Dec 12, 2024
Tracked Since Feb 18, 2026