CVE-2019-3824
ldb - security update
CVSS 3.1 score: 6.5 (MEDIUM)
EPSS: 7.7%
Description
A flaw was found in the way an LDAP search expression is handled by the shared LDAP server process of a Samba AD DC in Samba before version 4.10: a crafted search expression could crash that process. An authenticated user with read permissions on the LDAP server could use this flaw to cause a denial of service.
How to fix CVE-2019-3824
To remediate CVE-2019-3824, upgrade the affected package to a fixed version below.
- Debian/ldb — upgrade to 2:1.5.1+really1.4.3-2 or later
- —upgrade to 2:1.1.20-0+deb8u2 or later
- —upgrade to 2:1.1.27-1+deb9u1 or later
- —upgrade to 2:4.9.5+dfsg-1 or later
Is CVE-2019-3824 being exploited?
Moderate — EPSS is 7.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 2:1.5.1+really1.4.3-2
- from 0, < 2:1.1.20-0+deb8u2
- from 0, < 2:1.1.27-1+deb9u1
- from 0, < 2:4.9.5+dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |