{"id":"CVE-2022-0918","details":"A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.","modified":"2026-04-16T04:37:24.209252032Z","published":"2022-03-16T15:15:16.173Z","related":["ALSA-2022:5823","ALSA-2022:8162","SUSE-SU-2022:1100-1","SUSE-SU-2022:1102-1","SUSE-SU-2022:1139-1","SUSE-SU-2022:2163-1","openSUSE-SU-2022:1100-1","openSUSE-SU-2024:11963-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2022-0918"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055815"},{"type":"FIX","url":"https://github.com/389ds/389-ds-base/issues/5242"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/389ds/389-ds-base","events":[{"introduced":"0"},{"last_affected":"f40c937d976e7b6e82f15b7a14af4569723336f5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.0"}]}}],"versions":["389-ds-base-1.2.10.a1","389-ds-base-1.2.10.a2","389-ds-base-1.2.10.a3","389-ds-base-1.2.10.a4","389-ds-base-1.2.10.a5","389-ds-base-1.2.10.a6","389-ds-base-1.2.10.a7","389-ds-base-1.2.10.a8","389-ds-base-1.2.10.rc1","389-ds-base-1.2.11.a1","389-ds-base-1.2.3","389-ds-base-1.2.4","389-ds-base-1.2.5.a1","389-ds-base-1.2.5.rc1","389-ds-base-1.2.5.rc2","389-ds-base-1.2.5.rc3","389-ds-base-1.2.5.rc4","389-ds-base-1.2.6.a1","389-ds-base-1.2.6.a2","389-ds-base-1.2.6.a3","389-ds-base-1.2.6.a4","389-ds-base-1.2.6.rc1","389-ds-base-1.2.6.rc2","389-ds-base-1.2.6.rc3","389-ds-base-1.2.7","389-ds-base-1.2.7.1","389-ds-base-1.2.7.2","389-ds-base-1.2.7.3","389-ds-base-1.2.7.4","389-ds-base-1.2.7.a1","389-ds-base-1.2.7.a2","389-ds-base-1.2.7.a3","389-ds-base-1.2.7.a4","389-ds-base-1.2.7.a5","389-ds-base-1.2.8.a1","389-ds-base-1.2.8.a2","389-ds-base-1.2.9.0","389-ds-base-1.2.9.1","389-ds-base-1.2.9.2","389-ds-base-1.2.9.3","389-ds-base-1.2.9.4","389-ds-base-1.2.9.5","389-ds-base-1.2.9.a1","389-ds-base-1.2.9.a2","389-ds-base-1.3.0.a1","389-ds-base-1.3.0.rc1","389-ds-base-1.3.5.0","389-ds-base-1.3.5.1","389-ds-base-1.3.5.10","389-ds-base-1.3.5.11","389-ds-base-1.3.5.12","389-ds-base-1.3.5.13","389-ds-base-1.3.5.2","389-ds-base-1.3.5.3","389-ds-base-1.3.5.4","389-ds-base-1.3.5.5","389-ds-base-1.3.5.6","389-ds-base-1.3.5.7","389-ds-base-1.3.5.8","389-ds-base-1.3.5.9","389-ds-base-1.3.6.0","389-ds-base-1.3.6.1","389-ds-base-1.3.6.2","389-ds-base-1.3.6.3","389-ds-base-1.3.6.4","389-ds-base-1.3.7.0","389-ds-base-1.3.7.2","389-ds-base-1.3.7.3","389-ds-base-1.3.7.4","389-ds-base-1.4.0.0","Directory_Server_8_1_Candidate_20090324","FedoraDirSvr10","FedoraDirSvr110a1","FedoraDirSvr110a2","FedoraDirSvr110a3","FedoraDirSvr110a3_20070320","FedoraDirSvr110a4","FedoraDirSvr110a4_20070720","FedoraDirSvr110b1","FedoraDirSvr110b1_20070813","FedoraDirSvr110b1_20070816","FedoraDirSvr110b2","FedoraDirSvr110b2_20071107","FedoraDirSvr111","FedoraDirSvr111_20080530","FedoraDirSvr_1_1_2","FedoraDirSvr_1_1_2_20080904","FedoraDirSvr_1_1_2_RC","FedoraDirSvr_1_1_2_RC2","FedoraDirSvr_1_1_2_RC_20080828","FedoraDirSvr_1_1_3_20080923","FedoraDirSvr_20051103_RTC","before-merge-nunc-stans","ldapserver7x"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0918.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}