Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-f4xw-eaee-tbaf

Summary In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

Aliases

alias	CVE-2019-3883

Fixed_packages

url	pkg:deb/debian/389-ds-base@1.4.1.5-1?distro=trixie
purl	pkg:deb/debian/389-ds-base@1.4.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.1.5-1%3Fdistro=trixie

url pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie

purl pkg:deb/debian/389-ds-base@1.4.4.11-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mdk-bqm7-mkeu

vulnerability	VCID-7dna-4mcn-jqd5

vulnerability	VCID-ft29-jr9j-jbbm

vulnerability	VCID-k27f-tsq5-73fn

vulnerability	VCID-ud9m-jz3k-bfhm

vulnerability	VCID-vadc-mdbp-q3g9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@1.4.4.11-2%3Fdistro=trixie

url pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/389-ds-base@2.3.1%2Bdfsg1-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5mdk-bqm7-mkeu

vulnerability	VCID-7dna-4mcn-jqd5

vulnerability	VCID-ft29-jr9j-jbbm

vulnerability	VCID-k27f-tsq5-73fn

vulnerability	VCID-ud9m-jz3k-bfhm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@2.3.1%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/389-ds-base@3.1.2%2Bdfsg1-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bdfsg1-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie
purl	pkg:deb/debian/389-ds-base@3.1.2%2Bvendor1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/389-ds-base@3.1.2%252Bvendor1-2%3Fdistro=trixie

Affected_packages

url pkg:rpm/redhat/389-ds-base@1.3.8.4-25.1?arch=el7_6

purl pkg:rpm/redhat/389-ds-base@1.3.8.4-25.1?arch=el7_6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f4xw-eaee-tbaf

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/389-ds-base@1.3.8.4-25.1%3Farch=el7_6

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3883.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3883.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3883

reference_id

reference_type

scores

value	0.00874
scoring_system	epss
scoring_elements	0.75615
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3883

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1693612
reference_id	1693612
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1693612

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927939
reference_id	927939
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927939

reference_url	https://access.redhat.com/errata/RHSA-2019:1896
reference_id	RHSA-2019:1896
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1896

reference_url	https://access.redhat.com/errata/RHSA-2019:3401
reference_id	RHSA-2019:3401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3401

Weaknesses

cwe_id	772
name	Missing Release of Resource after Effective Lifetime
description	The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Exploits

Severity_range_score 5.3 - 5.3

Exploitability 0.5

Weighted_severity 4.8

Risk_score 2.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4xw-eaee-tbaf

Vulnerability Instance