CVE-2019-14847
4.9
MEDIUM
CVSS 3.1
EPSS 2.4%
Description
A flaw was found in Samba 4.0.0 before Samba 4.9.15 and Samba 4.10.x before 4.10.10. An attacker can crash the AD DC LDAP server via dirsync, resulting in denial of service. Privilege escalation is not possible with this issue.
How to fix CVE-2019-14847
To remediate CVE-2019-14847, upgrade the affected package to a fixed version below.
- Alpine/samba—upgrade to 4.10.10-r0 or later
- Debian/samba—upgrade to 2:4.11.0+dfsg-6 or later
Is CVE-2019-14847 being exploited?
Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Alpine/samba: from 0, < 4.10.10-r0
- Debian/samba: from 0, < 2:4.11.0+dfsg-6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |