Search CVE reports
1 – 10 of 15 results
CVE-2011-4079
Medium priority
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow,...
2 affected packages
openldap, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |
CVE-2011-1081
Medium priority
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value...
3 affected packages
openldap, openldap2.2, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap | — | — | — | — | — |
openldap2.2 | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |
CVE-2011-1025
Negligible priority
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
3 affected packages
openldap, openldap2.2, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap | — | — | — | — | — |
openldap2.2 | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |
CVE-2011-1024
Medium priority
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass...
3 affected packages
openldap, openldap2.2, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap | — | — | — | — | — |
openldap2.2 | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |
CVE-2010-0212
Medium priority
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer...
3 affected packages
openldap, openldap2.2, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap | — | — | — | — | — |
openldap2.2 | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |
CVE-2010-0211
Medium priority
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly...
3 affected packages
openldap, openldap2.2, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap | — | — | — | — | — |
openldap2.2 | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |
CVE-2009-3767
Medium priority
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate,...
4 affected packages
openldap, openldap2, openldap2.2, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap | — | — | — | — | — |
openldap2 | — | — | — | — | — |
openldap2.2 | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |
CVE-2008-2952
Medium priority
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
3 affected packages
openldap, openldap2.2, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap | — | — | — | — | — |
openldap2.2 | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |
CVE-2008-0658
Medium priority
Some fixes available 4 of 8
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related...
3 affected packages
openldap2, openldap2.2, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap2 | — | — | — | — | — |
openldap2.2 | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |
CVE-2007-6698
Medium priority
Some fixes available 4 of 8
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a...
3 affected packages
openldap2, openldap2.2, openldap2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openldap2 | — | — | — | — | — |
openldap2.2 | — | — | — | — | — |
openldap2.3 | — | — | — | — | — |