{"id":"CVE-2018-14629","details":"A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.","modified":"2026-04-16T01:40:15.183632252Z","published":"2018-11-28T14:29:00.250Z","related":["SUSE-SU-2018:4066-1","openSUSE-SU-2024:11365-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"12.04"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"14.04"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"16.04"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"18.04"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"18.10"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}]}]},"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106022"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00005.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-52"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20181127-0001/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3827-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3827-2/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4345"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14629"},{"type":"FIX","url":"https://www.samba.org/samba/security/CVE-2018-14629.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/samba-team/samba","events":[{"introduced":"df33344d8eb40221d60c99931690703a11d91bc2"},{"fixed":"b7d190f89d7674cf58a02486fa9887d393918611"},{"introduced":"5a9d09fee44052e18ce241ec28f78498d2e20d73"},{"fixed":"cd870beb978a334b948c6992059540c864dd2540"},{"introduced":"91c4bf85967339fff09f6576c6756d3695390e13"},{"fixed":"40c057c900a9367e8020c943d29547ea8942212f"}],"database_specific":{"cpe":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"4.0.0"},{"fixed":"4.7.12"},{"introduced":"4.8.0"},{"fixed":"4.8.7"},{"introduced":"4.8.8"},{"fixed":"4.9.3"}]}}],"versions":["ldb-1.3.3","ldb-1.3.4","ldb-1.3.6","samba-4.8.0","samba-4.8.1","samba-4.8.2","samba-4.8.3","samba-4.8.5","samba-4.8.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14629.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}