CVE-2018-10935

CWE-400 — Uncontrolled Resource Consumption CWE-20 — Improper Input Validation10 documents7 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 37.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat 389 Directory Server RED HAT 389-ds-base

Timeline

PublishedSep 11

Latest updateMay 13

Description

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDredhat/389_directory_server1.3.0.0 — 1.3.8.7+1

▶Debian389-ds-base< 1.4.0.15-1+2

▶CVEListV5red_hat/389-ds-basen/a

🔴Vulnerability Details

GHSA

GHSA-f8xp-r7x3-274c: A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort↗2022-05-13

▶

OSV

CVE-2018-10935: A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort↗2018-09-11

▶

CVEList

CVE-2018-10935: A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort↗2018-09-11

▶

📋Vendor Advisories

Red Hat

389-ds-base: ldapsearch with server side sort allows users to cause a crash↗2018-07-22

▶

Debian

CVE-2018-10935: 389-ds-base - A flaw was found in the 389 Directory Server that allows users to cause a crash ...↗2018

▶

💬Community

Bugzilla

CVE-2018-10935 389-ds-base: ldapsearch with server side sort crashes the ldap server [rhel-7.5.z]↗2018-08-10

▶

Bugzilla

CVE-2018-10935 389-ds-base: ldapsearch with server side sort allows users to cause a crash [fedora-all]↗2018-08-08

▶

Bugzilla

CVE-2018-10935 389-ds-base: ldapsearch with server side sort allows users to cause a crash↗2018-08-08

▶

Bugzilla

CVE-2018-10935 389-ds-base: ldapsearch with server side sort crashes the ldap server [rhel-7.6]↗2018-07-21

▶