CVE-2015-3223

Published: 16 Dec 2015
Source: redhat
CVSS2: 5
EPSS: Low

Description

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memory and crash.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libldb | Will not fix | | |
| Red Hat Enterprise Linux 6 | libldb | Fixed | RHSA-2016:0009 | 08.01.2016 |
| Red Hat Enterprise Linux 7 | libldb | Fixed | RHSA-2016:0009 | 08.01.2016 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | libldb | Fixed | RHSA-2016:0014 | 08.01.2016 |
| Red Hat Gluster Storage 3.1 for RHEL 7 | libldb | Fixed | RHSA-2016:0014 | 08.01.2016 |

Additional information

Status: Moderate
Defect: CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1290287 libldb: Remote DoS in Samba (AD) LDAP server

EPSS

Percentile: 90%
0.05595
Low

5 Medium

CVSS2

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 9 years ago

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

CVSS3: 5.3
nvd
more than 9 years ago

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

CVSS3: 5.3
debian
more than 9 years ago

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, ...

CVSS3: 5.3
github
more than 3 years ago

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

CVSS3: 5.3
fstec
more than 9 years ago

A vulnerability in the ldb_wildcard_compare function of the Samba networking software suite, related to an error in number handling, that allows an attacker to cause a denial of service
