Description
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.
A vulnerability exists in python-ldap's ldap.dn.escape_dn_chars() helper function, where the null byte (\x00) is improperly escaped by emitting a backslash followed by a literal NUL instead of the required RFC 4514 hex form \00. When this helper is used on untrusted input to build LDAP distinguished names (DNs), it may cause a client-side failure before any communication with the LDAP server occurs. This results in a client-side denial of service (DoS) for the parts of the application that rely on the helper for DN construction.
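As an added example that is not python-ldap's own code, the following standalone escaper shows the RFC 4514 form a DN helper should produce for NUL (the hex pair \00, never a raw byte), together with a check that rejects escaped output still carrying a raw NUL, which is the malformed result described above. Function names are my own.

```python
# Added example, not python-ldap's code: RFC 4514 attribute-value escaping
# done correctly for NUL, plus a validator for the malformed output that the
# vulnerable escape_dn_chars() produced (backslash followed by a raw NUL).

# Characters that RFC 4514 section 2.4 requires to be backslash-escaped.
RFC4514_SPECIAL = set('"+,;<>\\')


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside an RFC 4514 string DN.

    Special characters get a backslash prefix, a leading '#' and a leading
    or trailing space are escaped, and NUL is emitted as the two-hex-digit
    escape '\\00' because RFC 4514 excludes a raw NUL from DN strings.
    """
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                 # hex form, not "\\" + "\x00"
        elif ch in RFC4514_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def has_raw_nul(escaped: str) -> bool:
    """Return True if an 'escaped' DN component still contains a raw NUL.

    This catches exactly the defective output of the vulnerable helper,
    where '\\x00' became a backslash followed by a literal NUL byte.
    """
    return "\x00" in escaped


def build_user_dn(cn: str, base_dn: str = "ou=people,dc=example,dc=com") -> str:
    """Build a DN from untrusted input and refuse to emit a malformed one."""
    rdn_value = escape_dn_value(cn)
    if has_raw_nul(rdn_value):
        raise ValueError("refusing to build DN containing a raw NUL")
    return f"cn={rdn_value},{base_dn}"


if __name__ == "__main__":
    # Constructed sample inputs, including the NUL case from the advisory.
    for sample in ("Smith, John", " #lead", "a\x00b"):
        print(repr(sample), "->", build_user_dn(sample))
```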
Statement
Availability impact is considered Low, as the flaw is limited to denial of service (client-side) only.
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability beyond these steps.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | automation-controller | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | python3.11-ldap | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | python3x-ldap | Fix deferred | ||
| Red Hat Enterprise Linux 10 | python-ldap | Fix deferred | ||
| Red Hat Enterprise Linux 6 | python-ldap | Out of support scope | ||
| Red Hat Enterprise Linux 7 | python-ldap | Out of support scope | ||
| Red Hat Enterprise Linux 8 | python-ldap | Out of support scope | ||
| Red Hat Enterprise Linux 9 | python-ldap | Fix deferred | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-aodh-api | Out of support scope | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-aodh-base | Out of support scope | ||
CVSS3: 5.3 Medium
Related vulnerabilities
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
Vulnerability in the dn.py component of the Python-LDAP module for working with LDAP directories in Python, allowing an attacker to cause a denial of service