CVE-2024-1062: 
Alma Linux vulnerability analysis and mitigation

A heap overflow vulnerability (CVE-2024-1062) was discovered in 389-ds-base, affecting the Directory Server component. The vulnerability was first reported on January 4, 2024, and involves a denial of service condition that occurs when writing a value larger than 256 characters in log_entry_attr (NVD, Red Hat).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) that occurs in the log entry attribute handling of 389-ds-base. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required and the primary impact is on availability (Red Hat).

The vulnerability can lead to a denial of service condition when exploited. This occurs specifically when attempting to write values larger than 256 characters in the log_entry_attr, which can cause the Directory Server service to terminate unexpectedly (Red Hat).

Multiple security updates have been released to address this vulnerability across different versions of Red Hat Enterprise Linux and Directory Server. Updates are available through various security advisories including RHSA-2024:1074, RHSA-2024:1372, RHSA-2024:3047, RHSA-2024:4209, and RHSA-2024:4633. Users are advised to update to the fixed versions available through these advisories (Red Hat).