CVE-2018-14638
Current Description
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
Basic Data
Published | September 14, 2018 |
Last Modified | October 09, 2019 |
Assigner | cve@mitre.org |
Data Type | CVE |
Data Format | MITRE |
Data Version | 4.0 |
Problem Type | CWE-415 |
CVE Data Version | 4.0 |
Base Metric V2
CVSS 2 - Version | 2.0 |
CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CVSS 2 - Access Vector | NETWORK |
CVSS 2 - Access Complexity | LOW |
CVSS 2 - Authentication | NONE |
CVSS 2 - Confidentiality Impact | NONE |
CVSS 2 - Availability Impact | PARTIAL |
CVSS 2 - Base Score | 5.0 |
Severity | MEDIUM |
Exploitability Score | 10.0 |
Impact Score | 2.9 |
Obtain All Privilege | false |
Obtain User Privilege | false |
Obtain Other Privilege | false |
Base Metric V3
CVSS 3 - Version | 3.0 |
CVSS 3 - Vector String | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVSS 3 - Attack Vector | NETWORK |
CVSS 3 - Attack Complexity | LOW |
CVSS 3 - Privileges Required | NONE |
CVSS 3 - User Interaction | NONE |
CVSS 3 - Scope | UNCHANGED |
CVSS 3 - Confidentiality Impact | NONE |
CVSS 3 - Integrity Impact | NONE |
CVSS 3 - Availability Impact | HIGH |
CVSS 3 - Base Score | 7.5 |
CVSS 3 - Base Severity | HIGH |
Exploitability Score | 3.9 |
Base Severity | HIGH |
Configurations
-
OR - Configuration 1
Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
2.3 | Application | Fedoraproject | 389 Directory Server | * | * | * | * | * | * | * | * | |