1. Home
  2. CVE Database
  3. CVE-2018-14624
HIGH · 7.5

CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emer...

Vulnerability Description

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
Fedoraproject389 Directory Server<= 1.3.7.10
RedhatEnterprise Linux Desktop7.0
RedhatEnterprise Linux Server7.0
RedhatEnterprise Linux Server Aus7.6
RedhatEnterprise Linux Server Eus7.5
RedhatEnterprise Linux Server Tus7.6
RedhatEnterprise Linux Workstation7.0
DebianDebian Linux8.0

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2018-14624?

CVE-2018-14624 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emer...

How severe is CVE-2018-14624?

CVE-2018-14624 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14624?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject 389 Directory Server, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.