CVE-2018-1140

MEDIUM6.5EPSS 14.4%

Published: 8/22/2018Modified: 4/28/2026

Description

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable

Affected packages (3)

Alpine/ldbfrom 0, < 1.3.5-r0
Alpine/sambafrom 0, < 4.8.4-r0
Debian/sambafrom 0, < 2:4.8.4+dfsg-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-1140
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-1140