Openldap@2.0.6 Security Vulnerabilities and Issues — Openldap@2.0.6 CVE List

Lucene search

OpenldapOpenldap2.0.6

8 matches found

CVE•added 2007/10/30 7:46 p.m.•64 views

CVE-2007-5707

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.

7.1CVSS7.3AI score0.05435EPSS

CVE•added 2011/10/27 8:55 p.m.•59 views

CVE-2011-4079

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.

4CVSS8.9AI score0.06754EPSS

CVE•added 2002/06/25 4:0 a.m.•56 views

CVE-2001-0977

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

5CVSS6.5AI score0.02956EPSS

CVE•added 2007/10/30 7:46 p.m.•54 views

CVE-2007-5708

slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault)...

7.1CVSS6AI score0.02872EPSS

CVE•added 2006/12/13 12:28 a.m.•51 views

CVE-2006-6493

Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication ...

5.1CVSS8.1AI score0.02606EPSS

CVE•added 2005/04/14 4:0 a.m.•50 views

CVE-2004-0823

OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed pas...

7.5CVSS6.5AI score0.00612EPSS

CVE•added 2005/05/10 4:0 a.m.•44 views

CVE-2004-1880

Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).

5CVSS6.7AI score0.01079EPSS

CVE•added 2005/12/21 2:3 a.m.•44 views

CVE-2005-4442

Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

7.2CVSS6.4AI score0.00085EPSS