{"api_version":"1","generated_at":"2026-04-23T02:35:24+00:00","cve":"CVE-2019-14847","urls":{"html":"https://cve.report/CVE-2019-14847","api":"https://cve.report/api/cve/CVE-2019-14847.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-14847","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-14847"},"summary":{"title":"CVE-2019-14847","description":"A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2019-11-06 10:15:00","updated_at":"2023-11-07 03:05:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/","name":"FEDORA-2019-460ad648e7","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 30 Update: samba-4.10.10-0.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","name":"[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3563-1] samba security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/","name":"FEDORA-2019-703e299870","refsource":"","tags":[],"title":"[SECURITY] Fedora 29 Update: samba-4.9.15-0.fc29 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/","name":"FEDORA-2019-703e299870","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 29 Update: samba-4.9.15-0.fc29 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.synology.com/security/advisory/Synology_SA_19_35","name":"https://www.synology.com/security/advisory/Synology_SA_19_35","refsource":"CONFIRM","tags":[],"title":"Synology Inc.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.samba.org/samba/security/CVE-2019-14847.html","name":"https://www.samba.org/samba/security/CVE-2019-14847.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"Samba - Security Announcement Archive","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html","name":"openSUSE-SU-2019:2458","refsource":"SUSE","tags":["Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2019:2458-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847","refsource":"CONFIRM","tags":["Exploit","Issue Tracking"],"title":"1764142 – (CVE-2019-14847) CVE-2019-14847 samba: samba AD DC LDAP denial of service via dirsync","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/","name":"FEDORA-2019-460ad648e7","refsource":"","tags":[],"title":"[SECURITY] Fedora 30 Update: samba-4.10.10-0.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html","name":"[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2668-1] samba security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-14847","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14847","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"14847","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"29","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14847","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14847","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"29","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14847","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14847","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14847","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14847","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14847","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-14847","qid":"178607","title":"Debian Security Update for samba (DLA 2668-1)"},{"cve":"CVE-2019-14847","qid":"296075","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 21.69.0 Missing (CPUAPR2020)"},{"cve":"CVE-2019-14847","qid":"6000093","title":"Debian Security Update for samba (DLA 3563-1)"},{"cve":"CVE-2019-14847","qid":"671072","title":"EulerOS Security Update for samba (EulerOS-SA-2019-2547)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-14847","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Samba","product":{"product_data":[{"product_name":"samba","version":{"version_data":[{"version_value":"samba 4.0.0 before samba 4.9.15, samba 4.10.x before 4.10.10"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-476"}]}]},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14847","refsource":"CONFIRM"},{"url":"https://www.samba.org/samba/security/CVE-2019-14847.html","refsource":"MISC","name":"https://www.samba.org/samba/security/CVE-2019-14847.html"},{"refsource":"CONFIRM","name":"https://www.synology.com/security/advisory/Synology_SA_19_35","url":"https://www.synology.com/security/advisory/Synology_SA_19_35"},{"refsource":"SUSE","name":"openSUSE-SU-2019:2458","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html"},{"refsource":"FEDORA","name":"FEDORA-2019-703e299870","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKPYHDFI7HRELVXBE5J4MTGSI35AKFBI/"},{"refsource":"FEDORA","name":"FEDORA-2019-460ad648e7","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3IUACPZJXSC4OM6P2V4IC4QMZQZWPD/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue."}]},"impact":{"cvss":[[{"vectorString":"4.9/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","version":"3.0"}]]}},"nvd":{"publishedDate":"2019-11-06 10:15:00","lastModifiedDate":"2023-11-07 03:05:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":4.9,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.2,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.9.15","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10.0","versionEndExcluding":"4.10.10","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"14847","Ordinal":"154056","Title":"CVE-2019-14847","CVE":"CVE-2019-14847","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"14847","Ordinal":"1","NoteData":"A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"14847","Ordinal":"2","NoteData":"2019-11-06","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"14847","Ordinal":"3","NoteData":"2021-05-29","Type":"Other","Title":"Modified"}]}}}