CVE-2021-4091

High

Published: 18 February 2022

Modified: 03 November 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0034 (57.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-4091 is a high-severity Double Free (CWE-415) vulnerability in Port389 389-ds-base. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 42.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

A double-free was found in the way 389-ds-base handles the virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly and crash.

CWE(s)

CWE-415 (Double Free)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Version
port389 | 389-ds-base | ≤ 1.3.10.2
redhat | enterprise linux desktop | 7
redhat | enterprise linux for ibm z systems | 7.0
redhat | enterprise linux for power big endian | 7.0
redhat | enterprise linux for power little endian | 7.0
redhat | enterprise linux for scientific computing | 7.0
redhat | enterprise linux server | 7.0
redhat | enterprise linux workstation | 7.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.