CVE-2019-14847
MEDIUM
Samba 4.0.0-4.9.15 and 4.10.x < 4.10.10 - Denial of Service via AD DC LDAP Dirsync
Title source: llm
Description
A flaw was found in Samba 4.0.0 before Samba 4.9.15 and Samba 4.10.x before 4.10.10. An attacker can crash the AD DC LDAP server via dirsync, resulting in denial of service. Privilege escalation is not possible with this issue.
References (8)
Core References
Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html
Exploit, Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847
Vendor Advisory
https://www.samba.org/samba/security/CVE-2019-14847.html
Vendor Advisory
https://www.synology.com/security/advisory/Synology_SA_19_35
Scores
CVSS v3
4.9
EPSS
0.0243
EPSS Percentile
85.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (4)
fedoraproject/fedora
29
fedoraproject/fedora
30
opensuse/leap
15.0
samba/samba
4.0.0 - 4.9.15
Published
Nov 06, 2019
Tracked Since
Feb 18, 2026