CVE-2018-14629

MEDIUM6.5EPSS 9.0%

samba - security update

發布日:2018/11/28修改日:2026/4/28

描述

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.

受影響套件(4)

Alpine/sambafrom 0, < 4.8.11-r0
Debian/sambafrom 0, < 2:4.9.2+dfsg-2
Debian/sambafrom 0, < 2:4.2.14+dfsg-0+deb8u11
Debian/sambafrom 0, < 2:4.5.12+dfsg-2+deb9u4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-14629
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-14629