This security bulletin contains information about 1 vulnerabilities.
Added fixed version.
CWE-787 - Out-of-bounds Write
Exploit availability: NoDescription
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds write error when processing LDAP queries within the _sasl_add_string() function in common.c file in cyrus-sasl. A remote non-authenticated attacker can create a specially LDAP request to the affected server, trigger off-by-one error in OpenLDAP implementation and crash the service.Mitigation
Install update from vendor's website.Vulnerable software versions
Cyrus SASL: 2.1.23 - 2.1.27
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.