Description
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
Report
This issue does not affect Red Hat Enterprise Linux 8 because we don't ship the openldap-servers subpackage with Red Hat Enterprise Linux 8 (it is only present in the buildroot).
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openldap | Out of support scope | ||
| Red Hat Enterprise Linux 6 | compat-openldap | Out of support scope | ||
| Red Hat Enterprise Linux 6 | openldap | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-openldap | Will not fix | ||
| Red Hat Enterprise Linux 8 | openldap | Not affected | ||
| Red Hat JBoss Core Services | openldap | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | openldap | Out of support scope | ||
| Red Hat JBoss Enterprise Web Server 2 | openldap | Out of support scope | ||
| Red Hat Enterprise Linux 7 | openldap | Fixed | RHSA-2020:4041 | 29.09.2020 |
| Red Hat OpenShift Do | openshiftdo/odo-init-image-rhel7 | Fixed | RHSA-2021:0949 | 22.03.2021 |
Additional information
Status:
Moderate
Defect:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1833535 openldap: denial of service via nested boolean expressions in LDAP search filters
EPSS
Percentile: 93%
0.10757
Medium
7.5 High
CVSS3
Related vulnerabilities
CVSS3: 7.5
ubuntu
almost 6 years ago
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVSS3: 7.5
nvd
almost 6 years ago
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
CVSS3: 7.5
debian
almost 6 years ago
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ...