RHEL 7 : openldap (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: OpenLDAP SQL injection CVE-2022-29155 - A flaw was found in OpenLDAP. This flaw allows an...
RHEL 5 : openldap-servers (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file CVE-2016-4984...
Advisory ROSA-SA-2024-2372
Software: openldap 2.4.46; OS: ROSA Virtualization 2.1; packageevrstring: openldap-2.4.46-10.el8.src.rpm; CVE-ID: CVE-2020-15719; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: libldap in some third-party OpenLDAP packages has a certificate validation error when the third-party package asserts support for...
BIT-OPENLDAP-2020-12243
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash)...
BIT-OPENLDAP-2020-25692
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service...
BIT-OPENLDAP-2020-25709
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability...
BIT-OPENLDAP-2020-25710
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23. The highest threat from this vulnerability is to system availability...
BIT-OPENLDAP-2020-36221
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck)...
BIT-OPENLDAP-2020-36222
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service...
BIT-OPENLDAP-2020-36223
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read)...
BIT-OPENLDAP-2020-36224
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service...
BIT-OPENLDAP-2020-36225
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service...
BIT-OPENLDAP-2020-36226
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service...
BIT-OPENLDAP-2020-36227
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service...
BIT-OPENLDAP-2020-36228
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service...
BIT-OPENLDAP-2020-36229
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service...
BIT-OPENLDAP-2020-36230
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service...
BIT-OPENLDAP-2021-27212
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime...
BIT-OPENLDAP-2022-29155
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...
BIT-OPENLDAP-2023-2953
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function...