Lucene search

[email protected]CVE-2023-2953

HistoryMay 30, 2023 - 10:15 p.m.

CVE-2023-2953

2023-05-3022:15:10

CWE-476

[email protected]

web.nvd.nist.gov

137

openldap

vulnerability

null pointer dereference

security flaw

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Affected configurations

Vulners

NVD

Node

openldapopenldapRange≤2.4

VendorProductVersionCPE
openldapopenldap*cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openldap	openldap	*	cpe:2.3:a:openldap:openldap::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "openldap",
    "versions": [
      {
        "version": "openldap-2.4",
        "status": "affected"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2023/Jul/47

seclists.org/fulldisclosure/2023/Jul/48

seclists.org/fulldisclosure/2023/Jul/52

access.redhat.com/security/cve/CVE-2023-2953

bugs.openldap.org/show_bug.cgi?id=9904

security.netapp.com/advisory/ntap-20230703-0005/

support.apple.com/kb/HT213843

support.apple.com/kb/HT213844

support.apple.com/kb/HT213845

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.3%

JSON

Related for CVE-2023-2953

ubuntucve1 prion1 amazon2 nessus29 cloudfoundry1 openvas23 debiancve1 mageia1 cvelist1 osv3 redhatcve1 ubuntu2 nvd1 cloudlinux1 f51 ibm1 photon3 apple3 hp1 ics2