1. Home
  2. Vulnerabilities
  3. CVE-2024-49113
7.5
HIGH CVSS 3.1
CVE-2024-49113
"Microsoft Windows LDAP Crash"
Description

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

INFO

Published Date :

Dec. 12, 2024, 2:04 a.m.

Last Modified :

Jan. 14, 2025, 5:54 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2024-49113 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft windows_server_2008
2 Microsoft windows_server_2012
3 Microsoft windows_server_2016
4 Microsoft windows_server_2019
5 Microsoft windows_10_1607
6 Microsoft windows_10_1809
7 Microsoft windows_10_21h2
8 Microsoft windows_10_22h2
9 Microsoft windows_server_2022
10 Microsoft windows_11_22h2
11 Microsoft windows_10_1507
12 Microsoft windows
13 Microsoft windows_11_23h2
14 Microsoft windows_server_2022_23h2
15 Microsoft windows_server_23h2
16 Microsoft windows_server_2012_r2
17 Microsoft windows_server_2008_r2
18 Microsoft windows_server_2008_sp2
19 Microsoft windows_11_24h2
20 Microsoft windows_server_2025
: Total Affected Vendor : 1 | Products : 20
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
Solution
This addresses a denial-of-service vulnerability in Windows LDAP.
  • Apply the appropriate security updates or cumulative updates based on your Windows version.
  • Reboot the system if prompted.
Public PoC/Exploit Available at Github

CVE-2024-49113 has a 15 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-49113.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113 Vendor Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-49113 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-49113 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
hackermexico/chacal

Chacal Crasher - es un sistema que intenta afectar CVE remotos actuales para crashear la plataforma remota sería lo que antes llamaban NUKER moderno.

Python

Updated: 1 week, 4 days ago
1 stars 0 fork 0 watcher
Born at : Aug. 12, 2025, 9:14 p.m. This repo has been linked 7 different CVEs too.
Profile Photo
solaconsay/Active-Directory-Penetration-Testing

This project documents my hands-on journey in learning and conducting internal Active Directory (AD) penetration testing. The exercises simulate real-world cyberattacks to better understand security weaknesses in AD environments and how to detect, exploit, and mitigate them.

Updated: 4 months ago
11 stars 2 fork 2 watcher
Born at : April 19, 2025, 12:13 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
hsvhora/research_blogs

Links of research blogs published by me.

Updated: 4 weeks ago
0 stars 0 fork 0 watcher
Born at : April 16, 2025, 9:30 a.m. This repo has been linked 21 different CVEs too.
Profile Photo
0xMetr0/metasploit-ldapnightmare

SafeBreaches CVE-2024-49113 POC(LdapNightmare) Integrated into Metasploit

Python

Updated: 6 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Feb. 15, 2025, 8:23 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
plzheheplztrying/cve_monitor

None

HTML Python Shell

Updated: 1 month, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Feb. 13, 2025, 8:50 a.m. This repo has been linked 891 different CVEs too.
Profile Photo
Sachinart/CVE-2024-49113-Checker

Hi, This is to check targets vulnerable for CVE-2024-49113 in bulk, faster.

Python

Updated: 7 months ago
3 stars 0 fork 0 watcher
Born at : Jan. 6, 2025, 11:59 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
YoonJae-rep/CVE-2024-49113

CVE-2024-49113에 대한 익스플로잇. Windows Lightweight Directory Access Protocol(LDAP)의 취약성.

Updated: 7 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Jan. 5, 2025, 1:32 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
barcrange/CVE-2024-49113-Checker

None

Python

Updated: 1 month, 1 week ago
10 stars 0 fork 0 watcher
Born at : Jan. 3, 2025, 7:05 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
SafeBreach-Labs/CVE-2024-49113

LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113

Python

Updated: 1 month, 3 weeks ago
498 stars 116 fork 116 watcher
Born at : Jan. 1, 2025, 3:48 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
Eyezuhk/InfoSec-Misc

This repository aims to be a comprehensive collection of resources related to information security. Here, you will find a variety of scripts, programs, tutorials, and cheat sheets designed to assist security professionals, enthusiasts, and learners.

PowerShell Shell Python

Updated: 5 months, 2 weeks ago
1 stars 0 fork 0 watcher
Born at : Nov. 11, 2024, 12:42 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
defHawk-tech/CVEs

None

Python Dockerfile C++ Shell JavaScript TypeScript HTML CSS

Updated: 3 weeks, 4 days ago
11 stars 4 fork 4 watcher
Born at : Nov. 6, 2024, 9:43 a.m. This repo has been linked 13 different CVEs too.
Profile Photo
0xMarcio/cve

Latest CVEs with their Proof of Concept exploits.

Python

Updated: 1 day, 6 hours ago
108 stars 13 fork 13 watcher
Born at : May 24, 2024, 11:02 a.m. This repo has been linked 83 different CVEs too.
Profile Photo
giterlizzi/secdb-feeds

SecDB - Security Feeds

cve security-feeds vulnerability

Updated: 2 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : July 1, 2022, 8:37 p.m. This repo has been linked 102 different CVEs too.
Profile Photo
GhostTroops/TOP

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

bugbounty cve exp exploit payload poc rce vulnerability

Shell

Updated: 1 day, 6 hours ago
705 stars 121 fork 121 watcher
Born at : March 19, 2022, 1:54 a.m. This repo has been linked 288 different CVEs too.
Profile Photo
lefayjey/linWinPwn

linWinPwn is a bash script that streamlines the use of a number of Active Directory tools

penetration-testing pentesting active-directory hacking impacket bloodhound kerberoast enumeration exploitation pentest-tool adsecurity adcs kerberos mssql pentest

Shell Dockerfile

Updated: 15 hours, 37 minutes ago
2056 stars 284 fork 284 watcher
Born at : Dec. 16, 2021, 10:13 p.m. This repo has been linked 2 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-49113 vulnerability anywhere in the article.

  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!

Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad, and Mac now. Several cybersecurity researchers recently warned that a critic ... Read more

Published Date: Aug 23, 2025 (4 days, 17 hours ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Over 29,000 Unpatched Microsoft Exchange Servers Leaving Networks at Risk

A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise entire networks and what CISA is urging organisations to do now. A ... Read more

Published Date: Aug 12, 2025 (2 weeks, 1 day ago)
  • Daily CyberSecurity
The Win-DDoS Epidemic: New Flaws Weaponize Windows Domain Controllers for Massive DoS Attacks, PoC Releases

SafeBreach Labs researchers have uncovered a new class of denial-of-service (DoS) vulnerabilities in Microsoft Windows that could enable attackers to weaponize critical infrastructure — without ever b ... Read more

Published Date: Aug 12, 2025 (2 weeks, 2 days ago)
  • Help Net Security
Win-DDoS: Attackers can turn public domain controllers into DDoS agents

SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one one of which (CVE-2025-3272 ... Read more

Published Date: Aug 11, 2025 (2 weeks, 2 days ago)
  • CybersecurityNews
New ‘Win-DoS’ Zero-Click Vulnerabilities Turns Windows Server/Endpoint, Domain Controllers Into DDoS Botnet

LAS VEGAS — At the DEF CON 33 security conference, researchers Yair and Shahak Morag of SafeBreach Labs unveiled a new class of denial-of-service (DoS) attacks, dubbed the “Win-DoS Epidemic.” The duo ... Read more

Published Date: Aug 10, 2025 (2 weeks, 3 days ago)
  • The Hacker News
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

Aug 10, 2025Ravie LakshmananVulnerability / Network Security A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious ... Read more

Published Date: Aug 10, 2025 (2 weeks, 3 days ago)
  • 0patch.com
Micropatches Released for Windows "LDAPNightmare" Denial of Service Vulnerability (CVE-2024-49113)

December 2024 Windows Updates brought a patch for CVE-2024-49113 a.k.a. "LDAPNightmare", a denial of service vulnerability in Windows LDAP client code. The vulnerability allows an attacker to crash th ... Read more

Published Date: Jan 14, 2025 (7 months, 1 week ago)
  • BleepingComputer
Fake LDAPNightmware exploit on GitHub spreads infostealer malware

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tact ... Read more

Published Date: Jan 11, 2025 (7 months, 2 weeks ago)
  • tripwire.com
Tripwire Patch Priority Index for December 2024

Tripwire's December 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.First on the list is a notice about Windows Common Log File System Driver (CLFS). ... Read more

Published Date: Jan 10, 2025 (7 months, 2 weeks ago)
  • The Hacker News
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a su ... Read more

Published Date: Jan 10, 2025 (7 months, 2 weeks ago)
  • Help Net Security
January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance

Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released i ... Read more

Published Date: Jan 10, 2025 (7 months, 2 weeks ago)
  • Cybersecurity News
Fake LDAPNightmare PoC Exploit Conceals Information-Stealing Malware

Trend Micro researchers have uncovered a dangerous fake proof-of-concept (PoC) exploit masquerading as an exploit for CVE-2024-49113, a critical vulnerability in Microsoft’s Lightweight Directory Acce ... Read more

Published Date: Jan 10, 2025 (7 months, 2 weeks ago)
  • The Register
Security pros baited with fake Windows LDAP exploit traps

Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws. Trend Micro spotted what appears to be a fork of the legitima ... Read more

Published Date: Jan 09, 2025 (7 months, 2 weeks ago)
  • TheCyberThrone
CVE-2025-0282: Affecting Ivanti Products

OverviewCVE-2025-0282 is a critical stack-based buffer overflow vulnerability. It impacts Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for Zero Trust Access (ZTA) gateways. This vul ... Read more

Published Date: Jan 09, 2025 (7 months, 2 weeks ago)
  • Trend Micro
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities we ... Read more

Published Date: Jan 09, 2025 (7 months, 2 weeks ago)
  • TheCyberThrone
Redis was affected by CVE-2024-51741 and CVE-2024-46981

CVE-2024-51741Description:This vulnerability affects Redis, an open-source in-memory data structure store used as a database, cache, and message broker. The issue arises when an authenticated user wit ... Read more

Published Date: Jan 07, 2025 (7 months, 2 weeks ago)
  • The Hacker News
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]

Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are t ... Read more

Published Date: Jan 06, 2025 (7 months, 3 weeks ago)
  • TheCyberThrone
CVE-2024-10957: UpdraftPlus WordPress Plugin Vulnerability

CVE-2024-10957 is a high-severity vulnerability affecting the UpdraftPlus: WP Backup & Migration Plugin for WordPress. This vulnerability, present in versions up to and including 1.24.11, enables atta ... Read more

Published Date: Jan 06, 2025 (7 months, 3 weeks ago)
  • TheCyberThrone
CVE-2024-43405 Vulnerability in Nuclei

CVE-2024-43405 is a high severity vulnerability identified in Nuclei, a widely used open-source vulnerability scanner. This vulnerability, affecting versions 3.0.0 to 3.3.1, allows attackers to bypass ... Read more

Published Date: Jan 06, 2025 (7 months, 3 weeks ago)
  • TheCyberThrone
TheCyberThrone Security Weekly Review – January 04, 2025

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 04, 2025.CVE-2024-56512 impacts A ... Read more

Published Date: Jan 05, 2025 (7 months, 3 weeks ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2024-49113 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 14, 2025

    Action Type Old Value New Value
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.10240.20857 *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.10240.20857 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.5247 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.5247 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.4602 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2605 *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2966 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1308 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2605
    Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113 Vendor Advisory
  • New CVE Received by [email protected]

    Dec. 12, 2024

    Action Type Old Value New Value
    Added Description Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-125
    Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 7.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact