Unrated severityNVD Advisory· Published Feb 12, 2015· Updated May 6, 2026
CVE-2015-1545
CVE-2015-1545
Description
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
Affected products
28cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*+ 27 more
- cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.39:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.40:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- www.openldap.org/its/nvdExploitVendor Advisory
- lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-07/msg00069.htmlnvd
- seclists.org/fulldisclosure/2019/Dec/26nvd
- secunia.com/advisories/62787nvd
- www.debian.org/security/2015/dsa-3209nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.openldap.org/devel/gitweb.cginvd
- www.openwall.com/lists/oss-security/2015/02/07/3nvd
- www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvd
- www.securityfocus.com/bid/72519nvd
- www.securitytracker.com/id/1032399nvd
- bugs.debian.org/cgi-bin/bugreport.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/100937nvd
- seclists.org/bugtraq/2019/Dec/23nvd
- support.apple.com/HT204659nvd
- support.apple.com/kb/HT210788nvd
News mentions
0No linked articles in our index yet.