Lucene search

RedhatCVE-2007-5708

HistoryOct 30, 2007 - 7:46 p.m.

CVE-2007-5708

2007-10-3019:46:00

CWE-399

redhat

web.nvd.nist.gov

openldap

proxy-caching

server

memory allocation

vulnerability

nvd

cve-2007-5708

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

AI Score

Confidence

Low

EPSS

0.037

Percentile

92.0%

JSON

slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.

Affected configurations

Nvd

Node

openldapopenldapMatch1.0

openldapopenldapMatch1.0.1

openldapopenldapMatch1.0.2

openldapopenldapMatch1.0.3

openldapopenldapMatch1.1

openldapopenldapMatch1.1.0

openldapopenldapMatch1.1.1

openldapopenldapMatch1.1.2

openldapopenldapMatch1.1.3

openldapopenldapMatch1.1.4

openldapopenldapMatch1.2

openldapopenldapMatch1.2.0

openldapopenldapMatch1.2.1

openldapopenldapMatch1.2.2

openldapopenldapMatch1.2.3

openldapopenldapMatch1.2.4

openldapopenldapMatch1.2.5

openldapopenldapMatch1.2.6

openldapopenldapMatch1.2.7

openldapopenldapMatch1.2.8

openldapopenldapMatch1.2.9

openldapopenldapMatch1.2.10

openldapopenldapMatch1.2.11

openldapopenldapMatch1.2.12

openldapopenldapMatch1.2.13

openldapopenldapMatch2.0

openldapopenldapMatch2.0.0

openldapopenldapMatch2.0.1

openldapopenldapMatch2.0.2

openldapopenldapMatch2.0.3

openldapopenldapMatch2.0.4

openldapopenldapMatch2.0.5

openldapopenldapMatch2.0.6

openldapopenldapMatch2.0.7

openldapopenldapMatch2.0.8

openldapopenldapMatch2.0.9

openldapopenldapMatch2.0.10

openldapopenldapMatch2.0.11

openldapopenldapMatch2.0.11_9

openldapopenldapMatch2.0.11_11

openldapopenldapMatch2.0.11_11s

openldapopenldapMatch2.0.12

openldapopenldapMatch2.0.13

openldapopenldapMatch2.0.14

openldapopenldapMatch2.0.15

openldapopenldapMatch2.0.16

openldapopenldapMatch2.0.17

openldapopenldapMatch2.0.18

openldapopenldapMatch2.0.19

openldapopenldapMatch2.0.20

openldapopenldapMatch2.0.21

openldapopenldapMatch2.0.22

openldapopenldapMatch2.0.23

openldapopenldapMatch2.0.24

openldapopenldapMatch2.0.25

openldapopenldapMatch2.0.26

openldapopenldapMatch2.0.27

openldapopenldapMatch2.1.2

openldapopenldapMatch2.1.3

openldapopenldapMatch2.1.4

openldapopenldapMatch2.1.5

openldapopenldapMatch2.1.6

openldapopenldapMatch2.1.7

openldapopenldapMatch2.1.8

openldapopenldapMatch2.1.9

openldapopenldapMatch2.1.10

openldapopenldapMatch2.1.11

openldapopenldapMatch2.1.12

openldapopenldapMatch2.1.13

openldapopenldapMatch2.1.14

openldapopenldapMatch2.1.15

openldapopenldapMatch2.1.16

openldapopenldapMatch2.1.17

openldapopenldapMatch2.1.18

openldapopenldapMatch2.1.19

openldapopenldapMatch2.1.20

openldapopenldapMatch2.1.21

openldapopenldapMatch2.1.22

openldapopenldapMatch2.1.23

openldapopenldapMatch2.1.24

openldapopenldapMatch2.1.25

openldapopenldapMatch2.1.26

openldapopenldapMatch2.1.27

openldapopenldapMatch2.1.28

openldapopenldapMatch2.1.29

openldapopenldapMatch2.1.30

openldapopenldapMatch2.1_.20

openldapopenldapMatch2.2.0

openldapopenldapMatch2.2.1

openldapopenldapMatch2.2.4

openldapopenldapMatch2.2.5

openldapopenldapMatch2.2.6

openldapopenldapMatch2.2.7

openldapopenldapMatch2.2.8

openldapopenldapMatch2.2.9

openldapopenldapMatch2.2.10

openldapopenldapMatch2.2.11

openldapopenldapMatch2.2.12

openldapopenldapMatch2.2.13

openldapopenldapMatch2.2.14

openldapopenldapMatch2.2.15

openldapopenldapMatch2.2.16

openldapopenldapMatch2.2.17

openldapopenldapMatch2.2.18

openldapopenldapMatch2.2.19

openldapopenldapMatch2.2.20

openldapopenldapMatch2.2.21

openldapopenldapMatch2.2.22

openldapopenldapMatch2.2.23

openldapopenldapMatch2.2.24

openldapopenldapMatch2.2.25

openldapopenldapMatch2.2.26

openldapopenldapMatch2.2.27

openldapopenldapMatch2.2.28_r2

openldapopenldapMatch2.2.29_rev_1.134

openldapopenldapMatch2.3.27_2.20061018

openldapopenldapMatch2.3.28_2.20061022

openldapopenldapMatch2.3.28_20061022

openldapopenldapMatch2.3.28_e1.0.0

VendorProductVersionCPE
openldapopenldap1.0cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*
openldapopenldap1.0.1cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*
openldapopenldap1.0.2cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*
openldapopenldap1.0.3cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*
openldapopenldap1.1cpe:2.3:a:openldap:openldap:1.1:*:*:*:*:*:*:*
openldapopenldap1.1.0cpe:2.3:a:openldap:openldap:1.1.0:*:*:*:*:*:*:*
openldapopenldap1.1.1cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*
openldapopenldap1.1.2cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*
openldapopenldap1.1.3cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*
openldapopenldap1.1.4cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openldap	openldap	1.0	cpe:2.3:a:openldap:openldap:1.0:::::::*
openldap	openldap	1.0.1	cpe:2.3:a:openldap:openldap:1.0.1:::::::*
openldap	openldap	1.0.2	cpe:2.3:a:openldap:openldap:1.0.2:::::::*
openldap	openldap	1.0.3	cpe:2.3:a:openldap:openldap:1.0.3:::::::*
openldap	openldap	1.1	cpe:2.3:a:openldap:openldap:1.1:::::::*
openldap	openldap	1.1.0	cpe:2.3:a:openldap:openldap:1.1.0:::::::*
openldap	openldap	1.1.1	cpe:2.3:a:openldap:openldap:1.1.1:::::::*
openldap	openldap	1.1.2	cpe:2.3:a:openldap:openldap:1.1.2:::::::*
openldap	openldap	1.1.3	cpe:2.3:a:openldap:openldap:1.1.3:::::::*
openldap	openldap	1.1.4	cpe:2.3:a:openldap:openldap:1.1.4:::::::*