Openldap

11 matches found

added 2015/09/11 4:59 p.m. | 138 views

CVE-2015-6908

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

CVSS: 5 | AI score: 4.1 | EPSS: 0.73037

added 2015/02/12 4:59 p.m. | 103 views

CVE-2015-1545

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.

CVSS: 5 | AI score: 8.1 | EPSS: 0.72587

added 2010/07/28 12:48 p.m. | 86 views

CVE-2010-0212

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demon...

CVSS: 5 | AI score: 8 | EPSS: 0.64006

added 2015/02/12 4:59 p.m. | 66 views

CVE-2015-1546

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.

CVSS: 5 | AI score: 6.3 | EPSS: 0.10383

added 2008/07/01 9:41 p.m. | 59 views

CVE-2008-2952

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.

CVSS: 5 | AI score: 9 | EPSS: 0.49253

added 2002/06/25 4:0 a.m. | 56 views

CVE-2001-0977

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

CVSS: 5 | AI score: 6.5 | EPSS: 0.02956

added 2011/03/20 2:0 a.m. | 56 views

CVE-2011-1081

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

CVSS: 5 | AI score: 8.8 | EPSS: 0.04187

added 2006/06/01 5:2 p.m. | 54 views

CVE-2006-2754

Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.

CVSS: 5 | AI score: 7.6 | EPSS: 0.00493

added 2006/12/13 12:28 a.m. | 51 views

CVE-2006-6493

Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication ...

CVSS: 5.1 | AI score: 8.1 | EPSS: 0.08429

added 2005/05/10 4:0 a.m. | 46 views

CVE-2003-1201

ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).

CVSS: 5 | AI score: 6.6 | EPSS: 0.00282

added 2005/05/10 4:0 a.m. | 44 views

CVE-2004-1880

Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).

CVSS: 5 | AI score: 6.7 | EPSS: 0.01079