CVE-2019-3824
Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 06 Mar 2019, 15:00
Last modified:04 Aug 2024, 19:19
Vulnerability Summary
Overall Risk (default)
medium
28/100 CVSS Score
6.5 MEDIUM
v3.0 (nvd)
EPSS Score
7.7% LOW
8% probability +0.42%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
06 Mar 2019, 15:00
Published
Vulnerability first disclosed
04 Aug 2024, 19:19
Last Modified
Vulnerability information updated
Description
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.
CVSS Metrics
- v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 7.70%• Percentile: 92%
Techniques & Countermeasures
- CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Affected Systems
- canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 18.10
- debian•debian_linux
8.0
- samba•samba
< 4.10.0
References (8)
- https://lists.debian.org/debian-lts-announce/2019/03/msg00000.html
- https://www.debian.org/security/2019/dsa-4397
- https://bugzilla.samba.org/show_bug.cgi?id=13773
- https://usn.ubuntu.com/3895-1/
- http://www.securityfocus.com/bid/107347
- https://security.netapp.com/advisory/ntap-20190226-0001/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3824
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html