Off-by-one in OpenLDAP and Debian Linux - CVE-2014-8182

Published: January 3, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34914
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-8182
CWE-ID: CWE-193
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenLDAP.org, Debian
Affected software: OpenLDAP, Debian Linux

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An off-by-one error leading to a crash was discovered in OpenLDAP 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
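The advisory does not show the affected code, so the following is an added illustration of the defensive pattern that rules out CWE-193 style overruns when decoding SRV records: a parser for the RDATA of one SRV resource record (RFC 2782 layout: priority, weight, port, uncompressed target name) in which every read is checked against the declared RDATA length before it happens, and the target name is only copied into a fixed buffer when there is room for the separating dots and the terminating NUL. This is not OpenLDAP's dnssrv backend code; the `srv_record` type, the `parse_srv_rdata` / `demo_*` helpers and the sample record bytes are constructed for this example. Truncated records (the crafted-response case the advisory describes) are rejected with `-1` rather than read past the end.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical decoded SRV record (example type, not OpenLDAP's own). */
typedef struct {
    uint16_t priority;
    uint16_t weight;
    uint16_t port;
    char target[256];   /* dotted target name, NUL-terminated; 255 octets max per RFC 1035 */
} srv_record;

/* Parse the RDATA of one SRV RR. Returns 0 on success, -1 if the record is
 * truncated or malformed. rdlen is the length the enclosing message declared
 * for this RDATA; nothing is read at or beyond rdata + rdlen. */
int parse_srv_rdata(const uint8_t *rdata, size_t rdlen, srv_record *out)
{
    size_t pos, outlen = 0;

    if (rdata == NULL || out == NULL || rdlen < 6)
        return -1;                  /* too short for the three fixed 16-bit fields */

    out->priority = (uint16_t)((rdata[0] << 8) | rdata[1]);
    out->weight   = (uint16_t)((rdata[2] << 8) | rdata[3]);
    out->port     = (uint16_t)((rdata[4] << 8) | rdata[5]);
    pos = 6;

    for (;;) {
        uint8_t len;
        if (pos >= rdlen)
            return -1;              /* name never terminated by a root label */
        len = rdata[pos++];
        if (len == 0)
            break;                  /* root label: end of target name */
        if (len > 63)
            return -1;              /* labels are <= 63 octets; compression pointers are
                                       not permitted in the SRV target (RFC 2782) */
        if (len > rdlen - pos)
            return -1;              /* label would run past the end of RDATA */
        /* Room for: existing name, a dot if not the first label, this label, NUL. */
        if (outlen + (outlen ? 1 : 0) + len + 1 > sizeof out->target)
            return -1;
        if (outlen)
            out->target[outlen++] = '.';
        memcpy(out->target + outlen, rdata + pos, len);
        outlen += len;
        pos += len;
    }
    if (pos != rdlen)
        return -1;                  /* trailing bytes after the name: malformed */
    out->target[outlen] = '\0';     /* always in bounds thanks to the check above */
    return 0;
}

/* Constructed sample RDATA: priority 10, weight 5, port 389, target ldap.example.com */
static const uint8_t SAMPLE_SRV[] = {
    0x00, 0x0A,  0x00, 0x05,  0x01, 0x85,
    4, 'l', 'd', 'a', 'p',
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    3, 'c', 'o', 'm',
    0
};
enum { SAMPLE_SRV_LEN = sizeof SAMPLE_SRV };   /* 24 */

/* Parse the sample with a (possibly shortened) declared length; returns the
 * port on success or -1 when the parser rejects the record. */
int demo_parse_port(size_t rdlen)
{
    srv_record rec;
    if (rdlen > SAMPLE_SRV_LEN || parse_srv_rdata(SAMPLE_SRV, rdlen, &rec) != 0)
        return -1;
    return rec.port;
}

/* 1 if the sample parses (with the given declared length) to the expected target. */
int demo_target_matches(size_t rdlen, const char *expected)
{
    srv_record rec;
    if (rdlen > SAMPLE_SRV_LEN || parse_srv_rdata(SAMPLE_SRV, rdlen, &rec) != 0)
        return 0;
    return strcmp(rec.target, expected) == 0;
}

int main(void)
{
    size_t cut;
    printf("full record: port %d\n", demo_parse_port(SAMPLE_SRV_LEN));
    /* Every truncation of the sample must be rejected, never read past the end. */
    for (cut = 0; cut < SAMPLE_SRV_LEN; cut++)
        printf("declared length %2zu: %s\n", cut,
               demo_parse_port(cut) == -1 ? "rejected" : "ACCEPTED (bug)");
    return 0;
}
```

The `pos != rdlen` check is deliberately strict: a well-formed SRV RDATA ends with the target's root label, so leftover bytes indicate a malformed or mis-framed record and are treated as an error rather than silently skipped.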


How to mitigate CVE-2014-8182

Install the update from the vendor's website.

Sources