Description
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
Report
This issue did not affect the versions of openldap as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for the deref overlay.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openldap | Not affected | | |
| Red Hat Enterprise Linux 6 | openldap | Not affected | | |
| Red Hat Enterprise Linux 7 | openldap | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | openldap | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | openldap | Not affected | | |
Additional information
Status:
EPSS
CVSS2: 5 Medium