{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58402?format=json","vulnerability_id":"VCID-5mdk-bqm7-mkeu","summary":"A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.","aliases":[{"alias":"CVE-2024-1062"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87696?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.4%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87668?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87667?format=json","purl":"pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87666?format=json","purl":"pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"},{"vulnerability":"VCID-vadc-mdbp-q3g9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87664?format=json","purl":"pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-7dna-4mcn-jqd5"},{"vulnerability":"VCID-ft29-jr9j-jbbm"},{"vulnerability":"VCID-k27f-tsq5-73fn"},{"vulnerability":"VCID-ud9m-jz3k-bfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/111468?format=json","purl":"pkg:rpm/redhat/389-ds-base@2.2.4-9?arch=el9_2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gwa-5ha9-2yep"},{"vulnerability":"VCID-5mdk-bqm7-mkeu"},{"vulnerability":"VCID-6668-ae1t-43bn"},{"vulnerability":"VCID-svne-c12c-hucb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@2.2.4-9%3Farch=el9_2"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1062.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1062.json"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066120","reference_id":"1066120","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066120"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261879","reference_id":"2261879","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2261879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1074","reference_id":"RHSA-2024:1074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1372","reference_id":"RHSA-2024:1372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3047","reference_id":"RHSA-2024:3047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4209","reference_id":"RHSA-2024:4209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4633","reference_id":"RHSA-2024:4633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5690","reference_id":"RHSA-2024:5690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7458","reference_id":"RHSA-2024:7458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1632","reference_id":"RHSA-2025:1632","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1632"}],"weaknesses":[{"cwe_id":122,"name":"Heap-based Buffer Overflow","description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()."}],"exploits":[],"severity_range_score":"5.5 - 5.5","exploitability":"0.5","weighted_severity":"5.0","risk_score":2.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mdk-bqm7-mkeu"}