CVE-2021-4091
High
Published: 18 February 2022
Modified: 03 November 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0034 (57.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2021-4091 is a high-severity Double Free (CWE-415) vulnerability in port389 389-ds-base. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 42.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-33978
Vulnerability details
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly and crash.
- CWE(s): CWE-415 (Double Free)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- port389 389-ds-base: ≤ 1.3.10.2
- redhat enterprise linux desktop: 7
- redhat enterprise linux for ibm z systems: 7.0
- redhat enterprise linux for power big endian: 7.0
- redhat enterprise linux for power little endian: 7.0
- redhat enterprise linux for scientific computing: 7.0
- redhat enterprise linux server: 7.0
- redhat enterprise linux workstation: 7.0
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.