CVE intelligence and bounded remediation
CVE-2018-10850 — Fedoraproject 389 Directory Server security vulnerability
High
CVSS 7.1
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
- Severity
- High
- CVSS
- 7.1 (2.0)
- Published
- 2018-06-13
- CISA KEV
- Not currently listed
- Ecosystem
- software/application
- Weaknesses
- CWE-362
Affected products
- fedoraproject / 389_directory_server
- debian / debian_linux / 8.0
- redhat / enterprise_linux / 7.0
- redhat / enterprise_linux_desktop / 7.0
- redhat / enterprise_linux_server / 7.0
- redhat / enterprise_linux_server_aus / 7.6
Matched remediation archetype
Race condition, TOCTOU, and lifecycle synchronization
This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.
Check exposure
- Map concurrent actors, shared state, lock boundaries, signals, callbacks, retries, and check-then-use sequences in the affected path.
- Determine whether untrusted users can influence timing, object names, filesystem state, or repeated state transitions.
- Identify clustered and multi-process behavior that repository-local tests may not represent.
Remediate safely
- Make the sensitive state transition atomic or protect it with a consistently ordered synchronization primitive.
- Perform authorization and invariant checks on the same authoritative object and transaction used for the operation.
- Use unique private resources, safe ownership transfer, and idempotent operations; add deterministic concurrency regression tests.
Authoritative sources
Complete CVE record and remediation plan
The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.