Access Restriction Bypass Affecting openldap package, versions [0,]


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
64.01% (99th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CONAN-OPENLDAP-10077980
  • published8 May 2025
  • disclosed28 Jul 2010
  • creditUnknown

Introduced: 28 Jul 2010

CVE-2010-0212  (opens in a new tab)
CWE-264  (opens in a new tab)

How to fix?

There is no fixed version for openldap.

Overview

Affected versions of this package are vulnerable to Access Restriction Bypass. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

References

CVSS Base Scores

version 3.1