A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memory and crash.
Find out more about CVE-2015-3223 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 5 |
|---|---|
| Base Metrics | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Gluster Storage Server 3.1 on RHEL-7 (libldb) | RHSA-2016:0014 | 2016-01-08 |
| Red Hat Enterprise Linux 7 (libldb) | RHSA-2016:0009 | 2016-01-08 |
| Red Hat Gluster 3 Samba on RHEL-7 (libldb) | RHSA-2016:0014 | 2016-01-08 |
| Red Hat Enterprise Linux 6 (libldb) | RHSA-2016:0009 | 2016-01-08 |
| Red Hat Gluster Storage Server 3.1 on RHEL-6 (libldb) | RHSA-2016:0014 | 2016-01-08 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | libldb | Will not fix |
Vulmon