{"containers": {"cna": {"affected": [{"product": "389-ds-base", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "389-ds-base 1.4.0.10"}, {"status": "affected", "version": "389-ds-base 1.3.8.3"}]}], "datePublic": "2018-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-15T20:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2018:2757", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2757"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pagure.io/389-ds-base/issue/49768"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pagure.io/389-ds-base/c/8f04487f99a"}, {"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"}, {"name": "openSUSE-SU-2019:1397", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10850", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "389-ds-base", "version": {"version_data": [{"version_value": "389-ds-base 1.4.0.10"}, {"version_value": "389-ds-base 1.3.8.3"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."}]}, "impact": {"cvss": [[{"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-362"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:2757", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2757"}, {"name": "https://pagure.io/389-ds-base/issue/49768", "refsource": "CONFIRM", "url": "https://pagure.io/389-ds-base/issue/49768"}, {"name": "https://pagure.io/389-ds-base/c/8f04487f99a", "refsource": "CONFIRM", "url": "https://pagure.io/389-ds-base/c/8f04487f99a"}, {"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"}, {"name": "openSUSE-SU-2019:1397", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10850", "datePublished": "2018-06-13T20:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2019-05-15T20:06:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E8025E9-2BFF-45C2-AA8F-AEBF407409B1", "versionEndExcluding": "1.4.0.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."}, {"lang": "es", "value": "389-ds-base en versiones anteriores a la 1.4.0.10 y 1.3.8.3 es vulnerable a una condici\u00f3n de carrera por la forma en la que 389-ds-base gestiona las b\u00fasquedas persistentes. Esto resulta en un cierre inesperado si el servidor est\u00e1 bajo carga. Un atacante an\u00f3nimo podr\u00eda explotar este error para provocar una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-10850", "lastModified": "2019-05-15T21:29:01.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-06-13T20:29:00.277", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2757"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://pagure.io/389-ds-base/c/8f04487f99a"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://pagure.io/389-ds-base/issue/49768"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{}