<p>Upgrade <code>Debian:8</code> <code>openldap</code> to version 2.4.23-1 or higher.</p>

Access Restriction Bypass Affecting openldap package, versions <2.4.23-1

Threat Intelligence

96.51% (100^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN8-OPENLDAP-304669
published 28 Jul 2010
disclosed 28 Jul 2010

Report a new vulnerability Found a mistake?

Introduced: 28 Jul 2010

CVE-2010-0212 Open this link in a new tab CWE-264 Open this link in a new tab

How to fix?

Upgrade Debian:8 openldap to version 2.4.23-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

None
Availability (A)

Low