Filtered by vendor Openldap
Subscriptions
Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1201 | 1 Openldap | 1 Openldap | 2024-02-13 | N/A |
| ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault). | ||||
| CVE-2006-5779 | 2 Canonical, Openldap | 2 Ubuntu Linux, Openldap | 2024-02-08 | 7.5 High |
| OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | ||||
| CVE-2010-0211 | 4 Apple, Openldap, Opensuse and 1 more | 5 Mac Os X, Mac Os X Server, Openldap and 2 more | 2024-01-21 | 9.8 Critical |
| The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | ||||
| CVE-2021-27212 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2023-11-07 | 7.5 High |
| In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. | ||||
| CVE-2020-36230 | 4 Apache, Apple, Debian and 1 more | 5 Bookkeeper, Mac Os X, Macos and 2 more | 2023-11-07 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | ||||
| CVE-2020-36229 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2023-11-07 | 7.5 High |
| A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | ||||
| CVE-2020-36228 | 3 Apple, Debian, Openldap | 3 Macos, Debian Linux, Openldap | 2023-11-07 | 7.5 High |
| An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. | ||||
| CVE-2020-36227 | 3 Apple, Debian, Openldap | 3 Macos, Debian Linux, Openldap | 2023-11-07 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. | ||||
| CVE-2020-36226 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2023-11-07 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | ||||
| CVE-2020-36225 | 3 Apple, Debian, Openldap | 3 Macos, Debian Linux, Openldap | 2023-11-07 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | ||||
| CVE-2020-36224 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2023-11-07 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | ||||
| CVE-2020-36223 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2023-11-07 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). | ||||
| CVE-2020-36222 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2023-11-07 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. | ||||
| CVE-2020-36221 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2023-11-07 | 7.5 High |
| An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). | ||||
| CVE-2020-25710 | 4 Debian, Fedoraproject, Openldap and 1 more | 7 Debian Linux, Fedora, Openldap and 4 more | 2023-11-07 | 7.5 High |
| A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-25709 | 4 Apple, Debian, Openldap and 1 more | 5 Mac Os X, Macos, Debian Linux and 2 more | 2023-11-07 | 7.5 High |
| A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2019-13565 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2023-11-07 | 7.5 High |
| An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. | ||||
| CVE-2015-6908 | 2 Apple, Openldap | 2 Mac Os X, Openldap | 2023-11-07 | N/A |
| The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. | ||||
| CVE-2015-1546 | 3 Apple, Openldap, Opensuse | 3 Mac Os X, Openldap, Opensuse | 2023-11-07 | N/A |
| Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. | ||||
| CVE-2015-1545 | 1 Openldap | 1 Openldap | 2023-11-07 | N/A |
| The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. | ||||