Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown

CVE-2013-4449

Disclosure Date: February 05, 2014 (last updated October 05, 2023)
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
1
Attacker Value
Unknown

CVE-2014-9713

Disclosure Date: April 01, 2015 (last updated October 05, 2023)
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.
0
Attacker Value
Unknown

CVE-2015-1545

Disclosure Date: February 12, 2015 (last updated October 05, 2023)
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
0
Attacker Value
Unknown

CVE-2012-1164

Disclosure Date: June 29, 2012 (last updated October 04, 2023)
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
0
Attacker Value
Unknown

CVE-2012-2668

Disclosure Date: June 17, 2012 (last updated October 04, 2023)
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
0
Attacker Value
Unknown

CVE-2011-4079

Disclosure Date: October 27, 2011 (last updated October 04, 2023)
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.
0