
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability (CVE-2021-3480) was discovered in slapi-nis versions before 0.56.7. The vulnerability involves a NULL pointer dereference during the parsing of the Binding DN in the Schema Compatibility plugin for 389 Directory Server. This security flaw was reported on March 30, 2021, and affects the 389-ds-base directory server and Red Hat Identity Management systems (Red Hat Bugzilla).
The vulnerability is classified as a NULL pointer dereference (CWE-476) that occurs during the parsing of the Binding DN in the Schema Compatibility plugin. Its severity is rated HIGH, with a CVSS v3.1 base score of 7.5 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and a CVSS v2.0 base score of 5.0 (Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) (NVD).
The primary impact of this vulnerability is on system availability. When exploited, an unauthenticated attacker can cause the 389-ds-base directory server to crash, resulting in a denial of service condition (Red Hat Bugzilla).
The vulnerability was patched in slapi-nis version 0.56.7. Updates were released through multiple security advisories, including RHSA-2021:1983, RHSA-2021:2026, RHSA-2021:2027, and RHSA-2021:2032, for various Red Hat Enterprise Linux versions. Fedora also released updates for versions 33 and 34 (Red Hat Advisory, Fedora Update).
Source: This report was generated using AI