python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

🗓️ 29 Jun 2022 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

Python-LDAP before 3.4.0 is vulnerable to DoS from untrusted schema in ldap.schema due to a regex DoS.

Reporter	Title	Published	Views	Family All 54
Tenable Nessus	Amazon Linux 2 : python-ldap (ALAS-2024-2406)	9 Jan 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2022-2662)	2 Nov 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : python-ldap (EulerOS-SA-2022-2694)	2 Nov 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : python-ldap (EulerOS-SA-2022-2739)	14 Nov 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : python-ldap (EulerOS-SA-2022-2774)	14 Nov 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.0 : python-ldap (EulerOS-SA-2022-2914)	28 Dec 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.1 : python-ldap (EulerOS-SA-2022-2940)	28 Dec 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.1 : python-ldap (EulerOS-SA-2023-1200)	10 Jan 202300:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.0 : python-ldap (EulerOS-SA-2023-1230)	10 Jan 202300:00	–	nessus
Tenable Nessus	RHEL 6 : python-ldap (Unpatched Vulnerability)	11 May 202400:00	–	nessus

Vulners

Node

microsoft cbl2_python-ldap_3.4.0-1Range<3.4.0-1

29 Jun 2022 07:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24

CVSS 3.16.5

EPSS0.00188

python ldap denial of service untrusted schema ldap schema parser regex vulnerability