Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-16851

Опубликовано: 28 нояб. 2018
Источник: nvd
CVSS3: 6.5
CVSS3: 6.5
CVSS2: 4
EPSS Средний

Описание

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.0.0 (включая) до 4.7.12 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.8.0 (включая) до 4.8.7 (исключая)
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Версия от 4.9.0 (включая) до 4.9.3 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.13555
Средний

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-476
CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2018-16851

CVSS3: 6.5
ubuntu
около 7 лет назад

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

redhat логотип

CVE-2018-16851

CVSS3: 6.5
redhat
около 7 лет назад

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

debian логотип

CVE-2018-16851

CVSS3: 6.5
debian
около 7 лет назад

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is v ...

github логотип

GHSA-48v5-hp4g-w2rv

CVSS3: 6.5
github
больше 3 лет назад

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

fstec логотип

BDU:2019-00879

CVSS3: 6.5
fstec
около 7 лет назад

Уязвимость механизма работы поиска по протоколу LDAP пакета программ сетевого взаимодействия Samba, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 94%
0.13555
Средний

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-476
CWE-476