A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
https://bugs.openldap.org/show_bug.cgi?id=9413
https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
Source: MITRE
Published: 2021-01-26
Updated: 2021-03-05
Type: NVD-CWE-noinfo
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
ID | Name | Product | Family | Severity |
---|---|---|---|---|
148621 | EulerOS : openldap (EulerOS-SA-2021-1753) | Nessus | Huawei Local Security Checks | medium |
148597 | EulerOS : openldap (EulerOS-SA-2021-1719) | Nessus | Huawei Local Security Checks | medium |
147794 | openSUSE Security Update : openldap2 (openSUSE-2021-408) | Nessus | SuSE Local Security Checks | medium |
147570 | SUSE SLED15 / SLES15 Security Update : openldap2 (SUSE-SU-2021:0723-1) | Nessus | SuSE Local Security Checks | medium |
147513 | EulerOS Virtualization for ARM 64 3.0.2.0 : OpenLDAP (EulerOS-SA-2021-1394) | Nessus | Huawei Local Security Checks | medium |
147134 | SUSE SLES12 Security Update : openldap2 (SUSE-SU-2021:0693-1) | Nessus | SuSE Local Security Checks | medium |
147030 | SUSE SLES12 Security Update : openldap2 (SUSE-SU-2021:0692-1) | Nessus | SuSE Local Security Checks | medium |
147004 | Photon OS 1.0: Openldap PHSA-2021-1.0-0366 | Nessus | PhotonOS Local Security Checks | medium |
146487 | Photon OS 2.0: Openldap PHSA-2021-2.0-0318 | Nessus | PhotonOS Local Security Checks | medium |
146302 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : OpenLDAP vulnerabilities (USN-4724-1) | Nessus | Ubuntu Local Security Checks | medium |
146256 | EulerOS : openldap (EulerOS-SA-2021-1269) | Nessus | Huawei Local Security Checks | medium |
146229 | EulerOS 2.0 SP9 : openldap (EulerOS-SA-2021-1250) | Nessus | Huawei Local Security Checks | medium |
146191 | Debian DLA-2544-1 : openldap security update | Nessus | Debian Local Security Checks | medium |
146122 | Debian DSA-4845-1 : openldap - security update | Nessus | Debian Local Security Checks | medium |