CVE-2018-16851

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.samba.org/samba/security/CVE-2018-16851.html	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16851	Issue Tracking Third Party Advisory
https://www.debian.org/security/2018/dsa-4345	Third Party Advisory
https://usn.ubuntu.com/3827-2/	Third Party Advisory
https://usn.ubuntu.com/3827-1/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20181127-0001/	Third Party Advisory
http://www.securityfocus.com/bid/106027	Third Party Advisory VDB Entry
https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202003-52	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Information

Published : 2018-11-28 06:29

Updated : 2022-08-29 13:03

NVD link : CVE-2018-16851

Mitre link : CVE-2018-16851

JSON object : View

CWE

CWE-476

NULL Pointer Dereference

Products Affected

debian

debian_linux

canonical

ubuntu_linux

samba

samba

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.samba.org/samba/security/CVE-2018-16851.html", "name": "https://www.samba.org/samba/security/CVE-2018-16851.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16851", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16851", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.debian.org/security/2018/dsa-4345", "name": "DSA-4345", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://usn.ubuntu.com/3827-2/", "name": "USN-3827-2", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/3827-1/", "name": "USN-3827-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "https://security.netapp.com/advisory/ntap-20181127-0001/", "name": "https://security.netapp.com/advisory/ntap-20181127-0001/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/106027", "name": "106027", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html", "name": "[debian-lts-announce] 20181215 [SECURITY] [DLA 1607-1] samba security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://security.gentoo.org/glsa/202003-52", "name": "GLSA-202003-52", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-476"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-16851", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2018-11-28T14:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.8.7", "versionStartIncluding": "4.8.0"}, {"cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.7.12", "versionStartIncluding": "4.0.0"}, {"cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.9.3", "versionStartIncluding": "4.9.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-29T20:03Z"}

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2018-16851

6.5^/10

4.0^/10

Attach tags to `CVE-2018-16851`