#VU32774 Buffer overflow in OpenLDAP - CVE-2012-1164
Published: June 29, 2012 / Updated: July 28, 2020
Vulnerability identifier: #VU32774
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-1164
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
OpenLDAP
OpenLDAP
Software vendor:
OpenLDAP.org
OpenLDAP.org
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
Remediation
Install update from vendor's website.
External links
- http://rhn.redhat.com/errata/RHSA-2012-0899.html
- http://seclists.org/fulldisclosure/2019/Dec/26
- http://secunia.com/advisories/48372
- http://secunia.com/advisories/49607
- http://security.gentoo.org/glsa/glsa-201406-36.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:130
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7143
- http://www.openldap.org/software/release/changes.html
- http://www.securityfocus.com/bid/52404
- https://seclists.org/bugtraq/2019/Dec/23
- https://support.apple.com/kb/HT210788