CVE-2019-3883 in 389-ds-base情報

要約

〜によって MITRE

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

Red Hat, Inc.

予約する

2019年01月03日

モデレーション

承諾済み

エントリ

VDB-133450

CPE

準備完了

CWE

CWE-119 (確認済み)

CVSS

7.5 (NVD)

EPSS

0.00874

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-3883
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-3883
CVE Details	https://www.cvedetails.com/cve/CVE-2019-3883/

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!