Fluid Attacks Database

Description

A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	389-ds-base	>=0 <1.4.0.18-1	1.4.0.18-1
debian 13	389-ds-base	>=0 <1.4.0.18-1	1.4.0.18-1
debian 11	389-ds-base	>=0 <1.4.0.18-1	1.4.0.18-1
rpm rhel7.5	389-ds-base	<0:1.3.7.5-29.el7_5	0:1.3.7.5-29.el7_5
rpm rhel6	389-ds-base	-	-
rpm rhel7	389-ds-base	<0:1.3.8.4-15.el7	0:1.3.8.4-15.el7

Aliases

1. CVE-2018-146482. NVD-2018-146483. OSV-DEBIAN-2018-146484. OSV-2018-146485. SECURITY-TRACKER-CVE-2018-14648

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.