Lucene search
AmazonALAS2-2023-1958HistoryFeb 17, 2023 - 12:12 a.m.
Critical: openldap
2023-02-1700:12:00
alas.aws.amazon.com
20
openldap
sql injection
ldap
yum update
EPSS
0.013
Percentile
86.0%
Issue Overview:
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. (CVE-2022-29155)
Affected Packages:
openldap
Issue Correction:
Run yum update openldap to update your system.
New Packages:
aarch64:
openldap-2.4.44-23.amzn2.0.4.aarch64
openldap-devel-2.4.44-23.amzn2.0.4.aarch64
openldap-servers-2.4.44-23.amzn2.0.4.aarch64
openldap-servers-sql-2.4.44-23.amzn2.0.4.aarch64
openldap-clients-2.4.44-23.amzn2.0.4.aarch64
openldap-debuginfo-2.4.44-23.amzn2.0.4.aarch64
i686:
openldap-2.4.44-23.amzn2.0.4.i686
openldap-devel-2.4.44-23.amzn2.0.4.i686
openldap-servers-2.4.44-23.amzn2.0.4.i686
openldap-servers-sql-2.4.44-23.amzn2.0.4.i686
openldap-clients-2.4.44-23.amzn2.0.4.i686
openldap-debuginfo-2.4.44-23.amzn2.0.4.i686
src:
openldap-2.4.44-23.amzn2.0.4.src
x86_64:
openldap-2.4.44-23.amzn2.0.4.x86_64
openldap-devel-2.4.44-23.amzn2.0.4.x86_64
openldap-servers-2.4.44-23.amzn2.0.4.x86_64
openldap-servers-sql-2.4.44-23.amzn2.0.4.x86_64
openldap-clients-2.4.44-23.amzn2.0.4.x86_64
openldap-debuginfo-2.4.44-23.amzn2.0.4.x86_64
Additional References
Red Hat: CVE-2022-29155
Mitre: CVE-2022-29155
Related
cbl_mariner
cbl_mariner
CVE-2022-29155 affecting package openldap for versions less than 2.4.57-7
2022-06-26 03:29:34
CVE-2022-29155 affecting package openldap 2.4.57-3
2022-01-26 22:53:40
nessus
nessus
Ubuntu 16.04 ESM : OpenLDAP vulnerability (USN-5424-2)
2022-05-19 00:00:00
EulerOS 2.0 SP9 : openldap (EulerOS-SA-2022-1975)
2022-07-08 00:00:00
Debian DSA-5140-1 : openldap - security update
2022-05-20 00:00:00
alpinelinux
alpinelinux
CVE-2022-29155
2022-05-04 20:15:07
openvas
openvas
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2022-2116)
2022-07-14 00:00:00
Ubuntu: Security Advisory (USN-5424-1)
2022-05-18 00:00:00
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2022-2005)
2022-07-08 00:00:00
mageia
mageia
Updated openldap packages fix security vulnerability
2022-05-25 21:46:18
photon
photon
Critical Photon OS Security Update - PHSA-2022-0188
2022-05-22 00:00:00
Critical Photon OS Security Update - PHSA-2022-0396
2022-05-23 00:00:00
Critical Photon OS Security Update - PHSA-2022-3.0-0396
2022-05-23 00:00:00
suse
suse
Security update for openldap2 (important)
2022-05-16 00:00:00
nvd
nvd
CVE-2022-29155
2022-05-04 20:15:07
amazon
amazon
Critical: openldap
2022-05-20 22:39:00
Critical: openldap
2022-05-20 22:13:00
Critical: openldap
2023-02-17 00:02:00
cloudfoundry
cloudfoundry
USN-5424-1: OpenLDAP vulnerability | Cloud Foundry
2022-07-29 00:00:00
ubuntucve
ubuntucve
CVE-2022-29155
2022-05-04 00:00:00
cve
cve
CVE-2022-29155
2022-05-04 20:15:07
veracode
veracode
SQL Injection
2022-06-13 13:35:11
osv
osv
openldap vulnerability
2022-05-17 11:47:37
openldap - security update
2022-05-19 00:00:00
BIT-openldap-2022-29155
2024-03-06 10:59:57
redos
redos
ROS-20230807-01
2023-08-07 00:00:00
ubuntu
ubuntu
OpenLDAP vulnerability
2022-05-19 00:00:00
OpenLDAP vulnerability
2022-05-17 00:00:00
prion
prion
Sql injection
2022-05-04 20:15:00
redhatcve
redhatcve
CVE-2022-29155
2022-05-05 03:55:44
debian
debian
[SECURITY] [DLA 3017-1] openldap security update
2022-05-24 12:09:04
[SECURITY] [DSA 5140-1] openldap security update
2022-05-19 20:01:35
cvelist
cvelist
CVE-2022-29155
2022-05-04 19:06:09
debiancve
debiancve
CVE-2022-29155
2022-05-04 20:15:07
rosalinux
rosalinux
Advisory ROSA-SA-2024-2439
2024-07-01 14:04:31
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00