{"containers": {"cna": {"affected": [{"product": "389-ds-base", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "389-ds-base 1.4.0.10"}, {"status": "affected", "version": "389-ds-base 1.3.8.3"}]}], "datePublic": "2018-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-15T20:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2018:2757", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2757"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pagure.io/389-ds-base/issue/49768"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pagure.io/389-ds-base/c/8f04487f99a"}, {"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"}, {"name": "openSUSE-SU-2019:1397", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10850", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "389-ds-base", "version": {"version_data": [{"version_value": "389-ds-base 1.4.0.10"}, {"version_value": "389-ds-base 1.3.8.3"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."}]}, "impact": {"cvss": [[{"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-362"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:2757", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2757"}, {"name": "https://pagure.io/389-ds-base/issue/49768", "refsource": "CONFIRM", "url": "https://pagure.io/389-ds-base/issue/49768"}, {"name": "https://pagure.io/389-ds-base/c/8f04487f99a", "refsource": "CONFIRM", "url": "https://pagure.io/389-ds-base/c/8f04487f99a"}, {"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"}, {"name": "openSUSE-SU-2019:1397", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:47.455Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:2757", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2757"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pagure.io/389-ds-base/issue/49768"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pagure.io/389-ds-base/c/8f04487f99a"}, {"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"}, {"name": "openSUSE-SU-2019:1397", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10850", "datePublished": "2018-06-13T20:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.455Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E8025E9-2BFF-45C2-AA8F-AEBF407409B1", "versionEndExcluding": "1.4.0.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."}, {"lang": "es", "value": "389-ds-base en versiones anteriores a la 1.4.0.10 y 1.3.8.3 es vulnerable a una condici\u00f3n de carrera por la forma en la que 389-ds-base gestiona las b\u00fasquedas persistentes. Esto resulta en un cierre inesperado si el servidor est\u00e1 bajo carga. Un atacante an\u00f3nimo podr\u00eda explotar este error para provocar una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-10850", "lastModified": "2024-11-21T03:42:08.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-13T20:29:00.277", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2757"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://pagure.io/389-ds-base/c/8f04487f99a"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://pagure.io/389-ds-base/issue/49768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2757"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://pagure.io/389-ds-base/c/8f04487f99a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://pagure.io/389-ds-base/issue/49768"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Thierry Bordaz (Red Hat).", "affected_release": [{"advisory": "RHSA-2018:2757", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "389-ds-base-0:1.3.7.5-28.el7_5", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-09-25T00:00:00Z"}], "bugzilla": {"description": "389-ds-base: race condition on reference counter leads to DoS using persistent search", "id": "1588056", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588056"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.", "A race condition was found in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."], "name": "CVE-2018-10850", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-06-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-10850\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10850\nhttps://pagure.io/389-ds-base/issue/49768"], "threat_severity": "Moderate", "upstream_fix": "389-ds-base 1.4.0.10, 389-ds-base 1.3.8.3"}