CVE-2015-1546

Опубликовано: 03 фев. 2015

Источник: redhat

CVSS2: 5

Описание

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.

Отчет

Although we do ship the vulnerable function, the attack vector demonstrated in the original report does not apply to us, as we've never backported the patch that introduces this particular attack vector. We're currently unaware of an attack vector that applies to us. Red Hat Product Security has rated this issue as having a security impact of Moderate. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	openldap	Not affected
Red Hat Enterprise Linux 6	openldap	Not affected
Red Hat Enterprise Linux 7	openldap	Not affected
Red Hat JBoss Enterprise Application Platform 5	openldap	Will not fix
Red Hat JBoss Enterprise Application Platform 6	openldap	Will not fix