CVE-2024-49113
"Microsoft Windows LDAP Crash"
Description
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
INFO
Published Date :
Dec. 12, 2024, 2:04 a.m.
Last Modified :
Jan. 14, 2025, 5:54 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2024-49113
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
CVSS 3.1 | HIGH | [email protected] |
Solution
- Apply the appropriate security updates or cumulative updates based on your Windows version.
- Reboot the system if prompted.
Public PoC/Exploit Available at Github
CVE-2024-49113 has a 15 public
PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-49113
.
URL | Resource |
---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113 | Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-49113
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-49113
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Chacal Crasher - es un sistema que intenta afectar CVE remotos actuales para crashear la plataforma remota sería lo que antes llamaban NUKER moderno.
Python
This project documents my hands-on journey in learning and conducting internal Active Directory (AD) penetration testing. The exercises simulate real-world cyberattacks to better understand security weaknesses in AD environments and how to detect, exploit, and mitigate them.
Links of research blogs published by me.
SafeBreaches CVE-2024-49113 POC(LdapNightmare) Integrated into Metasploit
Python
None
HTML Python Shell
Hi, This is to check targets vulnerable for CVE-2024-49113 in bulk, faster.
Python
CVE-2024-49113에 대한 익스플로잇. Windows Lightweight Directory Access Protocol(LDAP)의 취약성.
None
Python
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
Python
This repository aims to be a comprehensive collection of resources related to information security. Here, you will find a variety of scripts, programs, tutorials, and cheat sheets designed to assist security professionals, enthusiasts, and learners.
PowerShell Shell Python
None
Python Dockerfile C++ Shell JavaScript TypeScript HTML CSS
Latest CVEs with their Proof of Concept exploits.
Python
SecDB - Security Feeds
cve security-feeds vulnerability
TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
bugbounty cve exp exploit payload poc rce vulnerability
Shell
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
penetration-testing pentesting active-directory hacking impacket bloodhound kerberoast enumeration exploitation pentest-tool adsecurity adcs kerberos mssql pentest
Shell Dockerfile
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-49113
vulnerability anywhere in the article.

-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad, and Mac now. Several cybersecurity researchers recently warned that a critic ... Read more

-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Over 29,000 Unpatched Microsoft Exchange Servers Leaving Networks at Risk
A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise entire networks and what CISA is urging organisations to do now. A ... Read more

-
Daily CyberSecurity
The Win-DDoS Epidemic: New Flaws Weaponize Windows Domain Controllers for Massive DoS Attacks, PoC Releases
SafeBreach Labs researchers have uncovered a new class of denial-of-service (DoS) vulnerabilities in Microsoft Windows that could enable attackers to weaponize critical infrastructure — without ever b ... Read more

-
Help Net Security
Win-DDoS: Attackers can turn public domain controllers into DDoS agents
SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one one of which (CVE-2025-3272 ... Read more

-
CybersecurityNews
New ‘Win-DoS’ Zero-Click Vulnerabilities Turns Windows Server/Endpoint, Domain Controllers Into DDoS Botnet
LAS VEGAS — At the DEF CON 33 security conference, researchers Yair and Shahak Morag of SafeBreach Labs unveiled a new class of denial-of-service (DoS) attacks, dubbed the “Win-DoS Epidemic.” The duo ... Read more

-
The Hacker News
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
Aug 10, 2025Ravie LakshmananVulnerability / Network Security A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious ... Read more

-
0patch.com
Micropatches Released for Windows "LDAPNightmare" Denial of Service Vulnerability (CVE-2024-49113)
December 2024 Windows Updates brought a patch for CVE-2024-49113 a.k.a. "LDAPNightmare", a denial of service vulnerability in Windows LDAP client code. The vulnerability allows an attacker to crash th ... Read more

-
BleepingComputer
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tact ... Read more

-
tripwire.com
Tripwire Patch Priority Index for December 2024
Tripwire's December 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.First on the list is a notice about Windows Common Log File System Driver (CLFS). ... Read more

-
The Hacker News
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a su ... Read more

-
Help Net Security
January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance
Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released i ... Read more

-
Cybersecurity News
Fake LDAPNightmare PoC Exploit Conceals Information-Stealing Malware
Trend Micro researchers have uncovered a dangerous fake proof-of-concept (PoC) exploit masquerading as an exploit for CVE-2024-49113, a critical vulnerability in Microsoft’s Lightweight Directory Acce ... Read more

-
The Register
Security pros baited with fake Windows LDAP exploit traps
Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws. Trend Micro spotted what appears to be a fork of the legitima ... Read more

-
TheCyberThrone
CVE-2025-0282: Affecting Ivanti Products
OverviewCVE-2025-0282 is a critical stack-based buffer overflow vulnerability. It impacts Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for Zero Trust Access (ZTA) gateways. This vul ... Read more

-
Trend Micro
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities we ... Read more

-
TheCyberThrone
Redis was affected by CVE-2024-51741 and CVE-2024-46981
CVE-2024-51741Description:This vulnerability affects Redis, an open-source in-memory data structure store used as a database, cache, and message broker. The issue arises when an authenticated user wit ... Read more

-
The Hacker News
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]
Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are t ... Read more

-
TheCyberThrone
CVE-2024-10957: UpdraftPlus WordPress Plugin Vulnerability
CVE-2024-10957 is a high-severity vulnerability affecting the UpdraftPlus: WP Backup & Migration Plugin for WordPress. This vulnerability, present in versions up to and including 1.24.11, enables atta ... Read more

-
TheCyberThrone
CVE-2024-43405 Vulnerability in Nuclei
CVE-2024-43405 is a high severity vulnerability identified in Nuclei, a widely used open-source vulnerability scanner. This vulnerability, affecting versions 3.0.0 to 3.3.1, allows attackers to bypass ... Read more

-
TheCyberThrone
TheCyberThrone Security Weekly Review – January 04, 2025
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 04, 2025.CVE-2024-56512 impacts A ... Read more
The following table lists the changes that have been made to the
CVE-2024-49113
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Jan. 14, 2025
Action Type Old Value New Value Added CWE NIST NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.10240.20857 *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.10240.20857 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.5247 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.5247 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.4602 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2605 *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2966 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1308 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2605 Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113 Vendor Advisory -
New CVE Received by [email protected]
Dec. 12, 2024
Action Type Old Value New Value Added Description Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Added CWE CWE-125 Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113