CVE-2018-10850
MEDIUM389 Directory Server < 1.4.0.10 - Denial of Service via Persistent Search Race Condition
Title source: llmDescription
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
References (6)
Core 6
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2757
Issue Tracking, Third Party Advisory x_refsource_confirm
https://pagure.io/389-ds-base/issue/49768
Patch, Third Party Advisory x_refsource_confirm
https://pagure.io/389-ds-base/c/8f04487f99a
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html
Scores
CVSS v3
5.9
EPSS
0.0157
EPSS Percentile
72.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-362
Status
published
Products (10)
debian/debian_linux
8.0
fedoraproject/389_directory_server
< 1.4.0.10
redhat/enterprise_linux
7.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
7.0
redhat/enterprise_linux_server_aus
7.6
redhat/enterprise_linux_server_eus
7.5
redhat/enterprise_linux_server_eus
7.6
redhat/enterprise_linux_server_tus
7.6
redhat/enterprise_linux_workstation
7.0
Published
Jun 13, 2018
Tracked Since
Feb 18, 2026