Input validation error in ldb (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2015-3223 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
ldb (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Input validation error
EUVDB-ID: #VU33812
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-3223
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
MitigationInstall update from vendor's website.
Vulnerable software versionsldb (Alpine package): 1.1.21-r0
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=2c8df8d5eb5c12b722deb30952b55b164fc7111a
https://git.alpinelinux.org/aports/commit/?id=47affed1795cc5ca4cdd4625ea53ba85513f0636
https://git.alpinelinux.org/aports/commit/?id=9c474c6aa6af26b79394ed47f17a04d5b29e5026
https://git.alpinelinux.org/aports/commit/?id=c6dee5b9f0a361471955167bb2165acba300f1c5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
