PT-2018-12633 · Red Hat · 389-ds-base

Pedro Sampaio · Published 2018-08-15 · Updated 2024-06-15 · CVE-2018-14638

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

389-ds-base versions prior to 1.3.8.4-13

Description

A flaw was found in the software: the ns-slapd process crashes in the delete_passwdPolicy function when persistent search connections are terminated unexpectedly, leading to a remote denial of service.

Recommendations

For versions prior to 1.3.8.4-13, update to version 1.3.8.4-13 or later to resolve the issue. As a temporary workaround, consider restricting access to the delete_passwdPolicy function to minimize the risk of exploitation.

Fix

DoS

Resource Exhaustion

Double Free

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2148
CESA-2018_2757
CVE-2018-14638
OPENSUSE-SU-2024:10593-1
RHSA-2018:2757
RHSA-2018_2757
SUSE-SU-2019:2155-1

Affected Products

389-ds-base
ALT Linux
CentOS
Red Hat
SUSE