CVE-2019-14847

Published: Nov 6, 2019Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.

Affected (5)

Products: Samba: Samba · Fedoraproject: Fedora · Opensuse: Leap

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	From 4.0.0 to 4.9.15
Samba Samba	From 4.10.0 to 4.10.10

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30
Opensuse Leap	Version 15.0

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847

Source: secalert@redhat.com

ExploitIssue Tracking

https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html

Source: secalert@redhat.com

https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/

Source: secalert@redhat.com

https://www.samba.org/samba/security/CVE-2019-14847.html

Source: secalert@redhat.com

Vendor Advisory

https://www.synology.com/security/advisory/Synology_SA_19_35

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html