{"id":"CVE-2021-4091","details":"A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.","modified":"2026-04-16T04:36:55.785583831Z","published":"2022-02-18T18:15:10.300Z","related":["ALSA-2022:0889","SUSE-SU-2022:2081-1","SUSE-SU-2022:2105-1","SUSE-SU-2022:2109-1","SUSE-SU-2022:2163-1","SUSE-SU-2022:2295-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030307"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4091.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.10.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}