CVE-2018-10850

moderate-risk
Published 2018-06-13

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

Do I need to act?

~
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10 Medium
NETWORK / HIGH complexity

Affected Products (10)

Affected Vendors

Debian Redhat Fedoraproject

References (12)

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2757
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850
Third Party Advisory https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
Patch https://pagure.io/389-ds-base/c/8f04487f99a
Issue Tracking https://pagure.io/389-ds-base/issue/49768
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2757
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850
Third Party Advisory https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
Patch https://pagure.io/389-ds-base/c/8f04487f99a
Issue Tracking https://pagure.io/389-ds-base/issue/49768
38
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 4/34 · Minimal
Exposure 16/34 · Moderate