Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xryf-2vae-j7gk

Summary A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.

Aliases

alias	CVE-2018-14624

Fixed_packages

url	pkg:deb/debian/389-ds-base@1.4.0.18-1?distro=trixie
purl	pkg:deb/debian/389-ds-base@1.4.0.18-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.18-1%3Fdistro=trixie

url pkg:deb/debian/389-ds-base@1.4.0.21-1

purl pkg:deb/debian/389-ds-base@1.4.0.21-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gwa-5ha9-2yep

vulnerability	VCID-6668-ae1t-43bn

vulnerability	VCID-7k3x-hspm-2bh1

vulnerability	VCID-8d2y-q7qm-ukba

vulnerability	VCID-f4xw-eaee-tbaf

vulnerability	VCID-fe6s-f2sw-tbdb

vulnerability	VCID-sfpm-3ead-t7ds

vulnerability	VCID-svne-c12c-hucb

vulnerability	VCID-sz1r-ts2d-uqam

vulnerability	VCID-twz6-mtum-qbck

vulnerability	VCID-uz8q-6ydj-x3cu

vulnerability	VCID-v1ut-bxzt-kqet

vulnerability	VCID-v94q-q9gt-zkcq

vulnerability	VCID-xv3p-gza9-4bcg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.0.21-1

url pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie

purl pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mdk-bqm7-mkeu

vulnerability	VCID-7dna-4mcn-jqd5

vulnerability	VCID-ft29-jr9j-jbbm

vulnerability	VCID-k27f-tsq5-73fn

vulnerability	VCID-ud9m-jz3k-bfhm

vulnerability	VCID-vadc-mdbp-q3g9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie

url pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mdk-bqm7-mkeu

vulnerability	VCID-7dna-4mcn-jqd5

vulnerability	VCID-ft29-jr9j-jbbm

vulnerability	VCID-k27f-tsq5-73fn

vulnerability	VCID-ud9m-jz3k-bfhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie
purl	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/389-ds-base@1.3.3.5-4

purl pkg:deb/debian/389-ds-base@1.3.3.5-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ncv-1mvn-3ua2

vulnerability	VCID-3182-86wa-ffgn

vulnerability	VCID-4gwa-5ha9-2yep

vulnerability	VCID-6668-ae1t-43bn

vulnerability	VCID-7k3x-hspm-2bh1

vulnerability	VCID-8d2y-q7qm-ukba

vulnerability	VCID-92hm-bx5r-2kb5

vulnerability	VCID-cuaw-efm3-5kb6

vulnerability	VCID-f4xw-eaee-tbaf

vulnerability	VCID-fe6s-f2sw-tbdb

vulnerability	VCID-kgfj-ur5s-97hd

vulnerability	VCID-kyw9-xd61-effu

vulnerability	VCID-m9ab-q9cx-suhk

vulnerability	VCID-pqup-v2we-kqat

vulnerability	VCID-qybp-25x7-6fak

vulnerability	VCID-sfpm-3ead-t7ds

vulnerability	VCID-svne-c12c-hucb

vulnerability	VCID-sz1r-ts2d-uqam

vulnerability	VCID-ta8n-wu4n-qqfq

vulnerability	VCID-tjhk-xzr6-p7dx

vulnerability	VCID-twz6-mtum-qbck

vulnerability	VCID-u5q1-nkup-f7ga

vulnerability	VCID-uz8q-6ydj-x3cu

vulnerability	VCID-v1ut-bxzt-kqet

vulnerability	VCID-v94q-q9gt-zkcq

vulnerability	VCID-wvqp-u8kz-8bd4

vulnerability	VCID-xryf-2vae-j7gk

vulnerability	VCID-xv3p-gza9-4bcg

vulnerability	VCID-yrgr-fu6h-ykh9

vulnerability	VCID-ytmc-t4we-y7gr

vulnerability	VCID-znf9-cydr-nqbm

vulnerability	VCID-zrba-h7st-jbgz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.3.5-4

url pkg:deb/debian/389-ds-base@1.3.5.17-2

purl pkg:deb/debian/389-ds-base@1.3.5.17-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ncv-1mvn-3ua2

vulnerability	VCID-3182-86wa-ffgn

vulnerability	VCID-4gwa-5ha9-2yep

vulnerability	VCID-6668-ae1t-43bn

vulnerability	VCID-7k3x-hspm-2bh1

vulnerability	VCID-8d2y-q7qm-ukba

vulnerability	VCID-f4xw-eaee-tbaf

vulnerability	VCID-fe6s-f2sw-tbdb

vulnerability	VCID-kgfj-ur5s-97hd

vulnerability	VCID-kyw9-xd61-effu

vulnerability	VCID-pqup-v2we-kqat

vulnerability	VCID-sfpm-3ead-t7ds

vulnerability	VCID-svne-c12c-hucb

vulnerability	VCID-sz1r-ts2d-uqam

vulnerability	VCID-ta8n-wu4n-qqfq

vulnerability	VCID-tjhk-xzr6-p7dx

vulnerability	VCID-twz6-mtum-qbck

vulnerability	VCID-uz8q-6ydj-x3cu

vulnerability	VCID-v1ut-bxzt-kqet

vulnerability	VCID-v94q-q9gt-zkcq

vulnerability	VCID-wvqp-u8kz-8bd4

vulnerability	VCID-xryf-2vae-j7gk

vulnerability	VCID-xv3p-gza9-4bcg

vulnerability	VCID-znf9-cydr-nqbm

vulnerability	VCID-zrba-h7st-jbgz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.3.5.17-2

url pkg:rpm/redhat/389-ds-base@1.3.7.5-28?arch=el7_5

purl pkg:rpm/redhat/389-ds-base@1.3.7.5-28?arch=el7_5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kgfj-ur5s-97hd

vulnerability	VCID-tjhk-xzr6-p7dx

vulnerability	VCID-xryf-2vae-j7gk

vulnerability	VCID-zrba-h7st-jbgz

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@1.3.7.5-28%3Farch=el7_5

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14624.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14624.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14624

reference_id

reference_type

scores

value	0.01478
scoring_system	epss
scoring_elements	0.81314
published_at	2026-06-04T12:55:00Z

value	0.01478
scoring_system	epss
scoring_elements	0.81341
published_at	2026-06-05T12:55:00Z

value	0.01478
scoring_system	epss
scoring_elements	0.81344
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14624

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14624
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14624

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1619450
reference_id	1619450
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1619450

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907778
reference_id	907778
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907778

reference_url	https://access.redhat.com/errata/RHSA-2018:2757
reference_id	RHSA-2018:2757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2757

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

Severity_range_score 7.5 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xryf-2vae-j7gk

Vulnerability Instance