Double Free Affecting openldap package, versions <2.4.44+dfsg-5


0.0
medium

Snyk CVSS

    Attack Complexity Low
    Availability High
Expand this section
NVD
6.5 medium
Expand this section
Red Hat
6.5 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN10-OPENLDAP-304586
  • published 29 May 2017
  • disclosed 29 May 2017

How to fix?

Upgrade Debian:10 openldap to version 2.4.44+dfsg-5 or higher.

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See How to fix? for Debian:10 relevant versions.

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.