CVE-2019-14847
Advisory lineage Upstream: 0 Downstream: 14
Modified
Published: 06 Nov 2019, 00:00
Last modified: 05 Aug 2024, 00:26
Vulnerability Summary
- Overall Risk (default): medium (30/100)
- CVSS Score: 4.9 MEDIUM, v3.0 (cve.org)
- EPSS Score: 2.43% LOW (2% probability, change -0.13%)
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 1 found
- Dark Web: Not detected
Timeline
- 06 Nov 2019, 00:00: Published (vulnerability first disclosed)
- 05 Aug 2024, 00:26: Last Modified (vulnerability information updated)
Description
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.
CVSS Metrics
- v3.1 • MEDIUM • Score: 4.9 • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
- v3.0 • MEDIUM • Score: 4.9 • CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
- v2.0 • MEDIUM • Score: 4 • AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 2.43% • Percentile: 85%
Techniques & Countermeasures
- CWE-476 • NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Systems
- fedoraproject • fedora: 29 | 30
- opensuse • leap: 15.0
- samba • samba: ≥ 4.0.0, < 4.9.15 | ≥ 4.10.0, < 4.10.10 (samba 4.0.0 before samba 4.9.15, samba 4.10.x before 4.10.10)
References (8)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847
- https://www.samba.org/samba/security/CVE-2019-14847.html
- https://www.synology.com/security/advisory/Synology_SA_19_35
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
- https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html