History: Jul 28, 2010 - 12:48 p.m.

CVE-2010-0211

2010-07-28 12:48:51
CWE-252
web.nvd.nist.gov
48
openldap
2.4.22
slap_modrdn2mods
remote code execution
cve-2010-0211
nvd
security vulnerability

CVSS2: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.8
Confidence: High

EPSS: 0.789
Percentile: 98.3%

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Affected configurations

NVD

Node: openldap openldap, Match 2.4.22
Node: vmware esxi, Match 4.0 OR vmware esxi, Match 4.1
Node: opensuse opensuse, Match 11.0
Node: apple mac_os_x, Range 10.6.0 to 10.6.5 OR apple mac_os_x_server, Range 10.6.0 to 10.6.5

Vendor: openldap
Product: openldap
Version: 2.4.22
CPE: cpe:/a:openldap:openldap:2.4.22:::
