Metric | Value |
---|---|
CVSS2 score | 4 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
EPSS | 0.04 Low |
EPSS percentile | 91.9% |

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and
earlier allows remote attackers to cause a denial of service (slapd crash)
via a zero-length string that triggers a heap-based buffer overflow, as
demonstrated using an empty postalAddressAttribute value in an LDIF entry.
Author | Note |
---|---|
tyhicks | Per Red Hat, this may not be exploitable due to properties of the memory allocator. |
jdstrand | Patch requires http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=d0dd8616f1c68a868afeb8c2c5c09969e366e2c0. While bug exists since 2003, postalAddressValidate() is the only function that could pass a 0-length string, and this is not present in 8.04 LTS. While Red Hat claims heap implementation makes this not exploitable, will patch Ubuntu 10.04 and higher just in case the evaluation is incorrect. |