PoC LDAPNightmare: The CVE Mix-Up (as noted by @wdormann@infosec.exchange)

Created on 2025-01-02 22:00 and updated on 2025-01-02 22:04.

Description

A PoC for CVE-2024-49113 titled “Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability.” is provided by SafeBreach.

However, there was confusion between CVE-2024-49113 (DoS) and CVE-2024-49112 (RCE - CVSS 9.8), as noted by @wdormann@infosec.exchange:

https://github.com/SafeBreach-Labs/CVE-2024-49113/commit/eb76381b2927ce78c86743267d898b4ebfcbb187

Vulnerabilities included in this bundle

CVE-2024-49113: Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2024-49112:

Meta

[
   {
      ref: [
         "https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/",
         "https://infosec.exchange/@wdormann/113760656970284159",
         "https://infosec.exchange/@wdormann/113760610915798924",
         "https://github.com/SafeBreach-Labs/CVE-2024-49113",
      ],
   },
]

Author

Cédric Bonhomme

Combined sightings

Author	Vulnerability	Source	Type	Date