CVE-2019-10171

Published: 02 August 2019

It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: 389-ds-base (Launchpad, Ubuntu, Debian)

Release                             Status
Upstream                            Not vulnerable (debian: Incomplete RHEL backport)
Ubuntu 18.04 LTS (Bionic Beaver)    Not vulnerable
Ubuntu 16.04 LTS (Xenial Xerus)     Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr)      Does not exist

Notes

Author     Note
amurray    This is specific to RHEL due to an incomplete fix for CVE-2018-14648

References