Denial of Service Vulnerability in 389 Directory Server by Red Hat
CVE-2018-14638

7.5HIGH

Key Information:

Vendor

Fedora Project

Status
389-ds-base
Vendor
CVE Published:
14 September 2018

What is CVE-2018-14638?

A flaw exists in 389-ds-base prior to version 1.3.8.4-13 where the ns-slapd process crashes due to improper handling of persistent search connections. This can be triggered when connections are unexpectedly terminated, resulting in a remote denial of service condition. Users of affected versions should consider upgrading to mitigate this risk effectively.

Affected Version(s)

389-ds-base 1.3.8.4-13

References

https://access.redhat.com/errata/RHSA-2018:2757
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638
x_refsource_CONFIRM
https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.