Amazon Linux 2 : python-ldap, --advisory ALAS2-2025-3058 (ALAS-2025-3058)
The version of python-ldap installed on the remote host is prior to 2.4.15-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3058 advisory. python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5,...
Medium: python-ldap
Issue Overview: python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this...
TencentOS Server 4: python-ldap (TSSA-2025:0845)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0845 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
SUSE-SU-2025:3839-1 Security update 5.1.1 for Multi-Linux Manager Server
This update fixes the following issues: Multi-Linux-Manager-Server-SLE-release: - Update for the release packages for fixing the EOL - Fixed migration issue (bsc#1243486). server-attestation-image was updated from version 5.1.7 to 5.1.10: - CVE-2025-53192: Do not use apache-commons-ognl but its...
Security update for python-ldap
This update for python-ldap fixes the following issues: CVE-2025-61911: Enforce str for escape_filter_chars (bsc#1251912). CVE-2025-61912: Escape NULs as per RFC 4514 in escape_dn_chars (bsc#1251913). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:3714-1 Security update for python-ldap
This update for python-ldap fixes the following issues: - CVE-2025-61911: Enforce str for escape_filter_chars (bsc#1251912). - CVE-2025-61912: Escape NULs as per RFC 4514 in escape_dn_chars (bsc#1251913)...
Security update for python-ldap
This update for python-ldap fixes the following issues: CVE-2025-61911: Enforce str for escape_filter_chars (bsc#1251912). CVE-2025-61912: Escape NULs as per RFC 4514 in escape_dn_chars (bsc#1251913). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:3695-1 Security update for python-ldap
This update for python-ldap fixes the following issues: - CVE-2025-61911: Enforce str for escape_filter_chars (bsc#1251912). - CVE-2025-61912: Escape NULs as per RFC 4514 in escape_dn_chars (bsc#1251913)...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Python LDAP vulnerabilities (USN-7828-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7828-1 advisory. It was discovered that Python LDAP incorrectly handled special characters in the special...
CVE-2025-61911
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and t...
CVE-2025-61912
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...
OPENSUSE-SU-2025:15637-1 python311-ldap-3.4.5-1.1 on GA media
These are all security issues fixed in the python311-ldap-3.4.5-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2025-61912
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars escapes \x00 incorrectly by...
SUSE CVE-2025-61911
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escape_filter_chars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertion_value parameter, and t...
SUSE CVE-2025-61912
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...
Improper Encoding or Escaping of Output
Overview: python-ldap provides Python modules for implementing LDAP clients. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the escape_dn_chars function. An attacker can cause client-side failures, such as unhandled exceptions or process crashes, by...
anomalydetection (=0.0.0.dev1), athiruma-cloud-governance (>=1.1.89 <=1.1.345) +28 more potentially affected by CVE-2025-61912 via python-ldap (>=2.4.19 <=3.4.4)
python-ldap PYPI version =2.4.19, =1.1.89, =3.1.2, =3.7.1, =1.0.426, =2.2.1.dev6, =0.0.2, =0.4.4, =1.0.0, =0.0.0, =1.1.0, =3.7.0, =3.8.0 and more Source cves: CVE-2025-61912 Source advisory: OSV:GHSA-P34H-WQ7J-H5V6...
GHSA-P34H-WQ7J-H5V6 python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
Summary: ldap.dn.escape_dn_chars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP...
anomalydetection (=0.0.0.dev1), athiruma-cloud-governance (>=1.1.89 <=1.1.345) +26 more potentially affected by CVE-2025-61912 via python-ldap (>=3.0.0 <=3.4.4)
python-ldap PYPI version =3.0.0, =1.1.89, =3.1.2, =3.7.1, =1.0.426, =2.2.1.dev6, =0.4.4, =1.0.0, =0.0.0, =1.1.0, =3.7.0, =1.0.0, =1.1.7, =1.8.4 and more Source cves: CVE-2025-61912 Source advisory: SNYK:PYTHON-PYTHONLDAP-13535054...
Improper Validation of Specified Type of Input
Overview: python-ldap provides Python modules for implementing LDAP clients. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the escape_filter_chars function. An attacker can bypass input sanitization and potentially manipulate or disclose LDAP data ...