Candidate: CVE-2019-3883
PublicDate: 2019-04-17 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3883
 https://bugzilla.redhat.com/show_bug.cgi?id=1693612
 https://pagure.io/389-ds-base/issue/50329
Description:
 In 389-ds-base up to version 1.4.1.2, requests are handled by workers
 threads. Each sockets will be waited by the worker for at most
 'ioblocktimeout' seconds. However this timeout applies only for
 un-encrypted requests. Connections using SSL/TLS are not taking this
 timeout into account during reads, and may hang longer.An unauthenticated
 attacker could repeatedly create hanging LDAP requests to hang all the
 workers, resulting in a Denial of Service.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_389-ds-base:
upstream_389-ds-base: needs-triage
precise/esm_389-ds-base: DNE
trusty_389-ds-base: ignored (reached end-of-life)
trusty/esm_389-ds-base: DNE (trusty was needs-triage)
xenial_389-ds-base: ignored (end of standard support, was needed)
bionic_389-ds-base: needed
cosmic_389-ds-base: ignored (reached end-of-life)
disco_389-ds-base: ignored (reached end-of-life)
eoan_389-ds-base: not-affected (1.4.1.5-1)
focal_389-ds-base: not-affected (1.4.1.5-1)
groovy_389-ds-base: not-affected (1.4.1.5-1)
hirsute_389-ds-base: not-affected (1.4.1.5-1)
impish_389-ds-base: not-affected (1.4.1.5-1)
jammy_389-ds-base: not-affected (1.4.1.5-1)
devel_389-ds-base: not-affected (1.4.1.5-1)