{"containers":{"cna":{"affected":[{"product":"389-ds-base","vendor":"[UNKNOWN]","versions":[{"lessThanOrEqual":"1.4.0.16","status":"affected","version":"unspecified","versionType":"custom"},{"lessThanOrEqual":"1.3.8.8","status":"affected","version":"unspecified","versionType":"custom"},{"lessThanOrEqual":"1.3.7.10","status":"affected","version":"unspecified","versionType":"custom"}]}],"datePublic":"2018-09-06T00:00:00.000Z","descriptions":[{"lang":"en","value":"A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2019-05-15T20:06:08.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2018:2757","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2018:2757"},{"tags":["x_refsource_MISC"],"url":"https://pagure.io/389-ds-base/issue/49937"},{"name":"[debian-lts-announce] 20180929 [SECURITY] [DLA 1526-1] 389-ds-base security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624"},{"name":"openSUSE-SU-2019:1397","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T09:29:51.694Z"},"title":"CVE Program Container","references":[{"name":"RHSA-2018:2757","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2018:2757"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://pagure.io/389-ds-base/issue/49937"},{"name":"[debian-lts-announce] 20180929 [SECURITY] [DLA 1526-1] 389-ds-base security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624"},{"name":"openSUSE-SU-2019:1397","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2018-14624","datePublished":"2018-09-06T13:00:00.000Z","dateReserved":"2018-07-27T00:00:00.000Z","dateUpdated":"2024-08-05T09:29:51.694Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}