vulnerability

Debian: CVE-2019-3883: 389-ds-base -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Apr 17, 2019	May 7, 2019	Aug 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Apr 17, 2019

Added

May 7, 2019

Modified

Aug 15, 2025

Description

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

Solution

debian-upgrade-389-ds-base

References

CVE-2019-3883
https://attackerkb.com/topics/CVE-2019-3883
CWE-772
DEBIAN-DLA-1779-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today