Lucene search

K

Veracode Vulnerability DatabaseVERACODE:30247

HistoryApr 29, 2021 - 12:13 p.m.

Denial Of Service (DoS)

2021-04-2912:13:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

openldap

vulnerability

denial of service

saslauthzto

crash

processing

EPSS

0.013

Percentile

86.1%

openldap is vulnerable to denial of service. The vulnerability exists due to OpenLDAP leading to an invalid pointer free and slapd crash in the saslAuthzTo processing.

References

seclists.org/fulldisclosure/2021/May/64

seclists.org/fulldisclosure/2021/May/65

seclists.org/fulldisclosure/2021/May/70

bugs.openldap.org/show_bug.cgi?id=9409

git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65

git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26

git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439

git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8

git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

lists.debian.org/debian-lts-announce/2021/02/msg00005.html

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.13/main.yaml

security.netapp.com/advisory/ntap-20210226-0002/

support.apple.com/kb/HT212529

support.apple.com/kb/HT212530

support.apple.com/kb/HT212531

www.debian.org/security/2021/dsa-4845

EPSS

0.013

Percentile

86.1%

Related for VERACODE:30247

alpinelinux1 cve1 redhatcve1 osv5 debiancve1 nvd1 ubuntucve1 prion1 cbl_mariner1 cvelist1 nessus35 openvas27 debian3 ubuntu1 photon8 amazon2 suse1 mageia1 redos1 rosalinux1 apple3 ibm1 ics1