Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2015-1545

Disclosure Date: February 12, 2015
CVE-2015-1545
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • openldap

Products

  • openldap 2.4.13,
  • openldap 2.4.14,
  • openldap 2.4.15,
  • openldap 2.4.16,
  • openldap 2.4.17,
  • openldap 2.4.18,
  • openldap 2.4.19,
  • openldap 2.4.20,
  • openldap 2.4.21,
  • openldap 2.4.22,
  • openldap 2.4.23,
  • openldap 2.4.24,
  • openldap 2.4.25,
  • openldap 2.4.26,
  • openldap 2.4.27,
  • openldap 2.4.28,
  • openldap 2.4.29,
  • openldap 2.4.30,
  • openldap 2.4.31,
  • openldap 2.4.32,
  • openldap 2.4.33,
  • openldap 2.4.34,
  • openldap 2.4.35,
  • openldap 2.4.36,
  • openldap 2.4.37,
  • openldap 2.4.38,
  • openldap 2.4.39,
  • openldap 2.4.40

References

Canonical
CVE-2015-1545 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545)
BID-72519 (http://www.securityfocus.com/bid/72519)
Advisory
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c
https://support.apple.com/HT204659
XF-openldap-cve20151545-dos(100937) (https://exchange.xforce.ibmcloud.com/vulnerabilities/100937)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
DSA-3209 (http://www.debian.org/security/2015/dsa-3209)
APPLE-SA-2015-04-08-2 (http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html)
http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html
SECTRACK-1032399 (http://www.securitytracker.com/id/1032399)
http://www.mandriva.com/security/advisories?name=MDVSA-2015:073
http://www.mandriva.com/security/advisories?name=MDVSA-2015:074
http://www.openldap.org/its?findid=8027
SECUNIA-62787 (http://secunia.com/advisories/62787)
[oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues (http://www.openwall.com/lists/oss-security/2015/02/07/3)
https://support.apple.com/kb/HT210788
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (https://seclists.org/bugtraq/2019/Dec/23)
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (http://seclists.org/fulldisclosure/2019/Dec/26)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis