VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1880

CVE-2004-1880

Description

A memory leak in OpenLDAP's back-bdb backend allows remote attackers to cause denial of service via memory exhaustion.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in OpenLDAP's back-bdb backend allows remote attackers to cause denial of service via memory exhaustion.

Vulnerability

A memory leak exists in the back-bdb backend of OpenLDAP versions 2.1.12 and earlier. The vulnerability is triggered during normal processing of LDAP requests, leading to incremental memory consumption without release.

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending crafted LDAP queries that trigger the memory leak. No special privileges or network position are required beyond the ability to reach the OpenLDAP server.

Impact

Successful exploitation results in progressive memory exhaustion on the server, leading to a denial of service (DoS) condition. The server may become unresponsive or crash, disrupting LDAP services for legitimate users.

Mitigation

Upgrade to a version of OpenLDAP later than 2.1.12, which contains the fix for this memory leak. Refer to the Secunia advisory [1] for details on affected versions and patch availability.

References
  1. About Secunia Research | Flexera

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

63
  • OpenLDAP/Openldap63 versions
    cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*+ 62 more
    • cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.13:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.24:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.26:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:openldap:openldap:2.1.9:*:*:*:*:*:*:*
    • (no CPE)range: <=2.1.12

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.