Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-0211

Опубликовано: 28 июл. 2010
Источник: nvd
CVSS3: 9.8
CVSS2: 5
EPSS Средний

Описание

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Версия от 10.6.0 (включая) до 10.6.5 (исключая)
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Версия от 10.6.0 (включая) до 10.6.5 (исключая)

EPSS

Процентиль: 97%
0.42633
Средний

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-252

Связанные уязвимости

ubuntu логотип

CVE-2010-0211

CVSS3: 9.8
ubuntu
почти 15 лет назад

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

redhat логотип

CVE-2010-0211

redhat
почти 15 лет назад

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

debian логотип

CVE-2010-0211

CVSS3: 9.8
debian
почти 15 лет назад

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not ...

github логотип

GHSA-m9h3-f3g9-fqrf

CVSS3: 9.8
github
около 3 лет назад

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

oracle-oval логотип

ELSA-2010-0542

oracle-oval
почти 15 лет назад

ELSA-2010-0542: openldap security update (MODERATE)

EPSS

Процентиль: 97%
0.42633
Средний

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-252