CVE-2018-14638

CWE-400 — Uncontrolled Resource Consumption CWE-4158 documents7 sources

Severity

7.5HIGH

EPSS

1.4%

top 19.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server Fedora Project 389-ds-base Redhat Enterprise Linux AUS +5 more

Timeline

PublishedSep 14

Latest updateMay 13

Description

A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶Debian389-ds-base< 1.4.0.18-1+2

▶CVEListV5fedora_project/389-ds-base1.3.8.4-13

▶NVDfedoraproject/389_directory_server< 1.3.8.4

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Enterprise Linux 7.6, 7.5

🔴Vulnerability Details

GHSA

GHSA-89rw-hgr3-hvfx: A flaw was found in 389-ds-base before version 1↗2022-05-13

▶

CVEList

CVE-2018-14638: A flaw was found in 389-ds-base before version 1↗2018-09-14

▶

OSV

CVE-2018-14638: A flaw was found in 389-ds-base before version 1↗2018-09-14

▶

📋Vendor Advisories

Red Hat

389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly↗2018-08-30

▶

Debian

CVE-2018-14638: 389-ds-base - A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd ...↗2018

▶

💬Community

Bugzilla

CVE-2018-14638 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly [fedora-all]↗2018-10-10

▶

Bugzilla

CVE-2018-14638 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly↗2018-09-06

▶