Openldap
by OpenLDAP
Source repositories
CVEs (62)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-0211 | Cri | 0.69 | 9.8 | 0.29 | Jul 28, 2010 | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN… | ||
| CVE-2006-5779 | Hig | 0.55 | 7.5 | 0.75 | Nov 7, 2006 | OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | ||
| CVE-2017-17740 | Hig | 0.49 | 7.5 | 0.07 | Dec 18, 2017 | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN… | ||
| CVE-2015-3276 | Hig | 0.49 | 7.5 | 0.05 | Dec 7, 2015 | The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. | ||
| CVE-2017-9287 | Med | 0.43 | 6.5 | 0.07 | May 29, 2017 | servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. | ||
| CVE-2017-14159 | Med | 0.31 | 4.7 | 0.00 | Sep 5, 2017 | slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat… | ||
| CVE-2016-4984 | Med | 0.31 | 4.7 | 0.00 | Jul 17, 2017 | /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. | ||
| CVE-2015-6908 | 0.05 | — | 0.20 | Sep 11, 2015 | The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. | |||
| CVE-2011-1081 | 0.04 | — | 0.14 | Mar 20, 2011 | modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field. | |||
| CVE-2008-2952 | 0.04 | — | 0.13 | Jul 1, 2008 | liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. | |||
| CVE-2006-6493 | 0.04 | — | 0.09 | Dec 13, 2006 | Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the… | |||
| CVE-2020-25709 | 0.03 | — | 0.03 | May 18, 2021 | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. | |||
| CVE-2000-0336 | 0.03 | — | 0.01 | Apr 21, 2000 | Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. | |||
| CVE-2021-27212 | 0.02 | — | 0.64 | Feb 14, 2021 | In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. | |||
| CVE-2022-29155 | 0.01 | — | 0.70 | May 4, 2022 | In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack… | |||
| CVE-2020-25710 | 0.01 | — | 0.03 | May 28, 2021 | A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. | |||
| CVE-2020-12243 | 0.01 | — | 0.04 | Apr 28, 2020 | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | |||
| CVE-2015-1545 | 0.01 | — | 0.11 | Feb 12, 2015 | The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. | |||
| CVE-2013-4449 | 0.01 | — | 0.11 | Feb 5, 2014 | The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while… | |||
| CVE-2002-1378 | 0.01 | — | 0.07 | Jan 2, 2003 | Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious… |
- risk 0.69cvss 9.8epss 0.29
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN…
- risk 0.55cvss 7.5epss 0.75
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
- risk 0.49cvss 7.5epss 0.07
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN…
- risk 0.49cvss 7.5epss 0.05
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
- risk 0.43cvss 6.5epss 0.07
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
- risk 0.31cvss 4.7epss 0.00
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat…
- risk 0.31cvss 4.7epss 0.00
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
- CVE-2015-6908Sep 11, 2015risk 0.05cvss —epss 0.20
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
- CVE-2011-1081Mar 20, 2011risk 0.04cvss —epss 0.14
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
- CVE-2008-2952Jul 1, 2008risk 0.04cvss —epss 0.13
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
- CVE-2006-6493Dec 13, 2006risk 0.04cvss —epss 0.09
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the…
- CVE-2020-25709May 18, 2021risk 0.03cvss —epss 0.03
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
- CVE-2000-0336Apr 21, 2000risk 0.03cvss —epss 0.01
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
- CVE-2021-27212Feb 14, 2021risk 0.02cvss —epss 0.64
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
- CVE-2022-29155May 4, 2022risk 0.01cvss —epss 0.70
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack…
- CVE-2020-25710May 28, 2021risk 0.01cvss —epss 0.03
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
- CVE-2020-12243Apr 28, 2020risk 0.01cvss —epss 0.04
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
- CVE-2015-1545Feb 12, 2015risk 0.01cvss —epss 0.11
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
- CVE-2013-4449Feb 5, 2014risk 0.01cvss —epss 0.11
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while…
- CVE-2002-1378Jan 2, 2003risk 0.01cvss —epss 0.07
Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious…
Page 1 of 4