CVE-2019-3824

EUVD-2019-13447
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
sambasamba
𝑥
< 4.10.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ldb
bullseye
2:2.2.3-2~deb11u2
fixed
bullseye (security)
2:2.2.3-2~deb11u2
fixed
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ldb
bionic
Fixed 2:1.2.3-1ubuntu0.1
released
cosmic
Fixed 2:1.4.0+really1.3.5-2ubuntu0.1
released
trusty
Fixed 1:1.1.24-0ubuntu0.14.04.2
released
xenial
Fixed 2:1.1.24-1ubuntu3.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html
http://www.securityfocus.com/bid/107347
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3824
https://bugzilla.samba.org/show_bug.cgi?id=13773
https://lists.debian.org/debian-lts-announce/2019/03/msg00000.html
https://security.netapp.com/advisory/ntap-20190226-0001/
https://usn.ubuntu.com/3895-1/
https://www.debian.org/security/2019/dsa-4397
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html
http://www.securityfocus.com/bid/107347
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3824
https://bugzilla.samba.org/show_bug.cgi?id=13773
https://lists.debian.org/debian-lts-announce/2019/03/msg00000.html
https://security.netapp.com/advisory/ntap-20190226-0001/
https://usn.ubuntu.com/3895-1/
https://www.debian.org/security/2019/dsa-4397