Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openldap
(Openldap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 59 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2003-03-20 | CVE-2003-1201 | ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault). | Openldap | N/A | ||
| 2006-11-07 | CVE-2006-5779 | OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | Ubuntu_linux, Openldap | 7.5 | ||
| 2010-07-28 | CVE-2010-0211 | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | Mac_os_x, Mac_os_x_server, Openldap, Opensuse, Esxi | 9.8 | ||
| 2007-10-30 | CVE-2007-5707 | OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. | Openldap | N/A | ||
| 2008-07-01 | CVE-2008-2952 | liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. | Openldap | N/A | ||
| 2015-02-12 | CVE-2015-1545 | The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. | Openldap | N/A | ||
| 2015-02-12 | CVE-2015-1546 | Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. | Mac_os_x, Openldap, Opensuse | N/A | ||
| 2015-09-11 | CVE-2015-6908 | The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. | Mac_os_x, Openldap | N/A | ||
| 2019-07-26 | CVE-2019-13565 | An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches,... | Mac_os_x, Ubuntu_linux, Debian_linux, Traffix_signaling_delivery_controller, Openldap, Leap, Blockchain_platform, Solaris, Zfs_storage_appliance_kit | 7.5 | ||
| 2021-01-26 | CVE-2020-36221 | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). | Mac_os_x, Macos, Debian_linux, Openldap | 7.5 |