#VU34914 Off-by-one in OpenLDAP and Debian Linux - CVE-2014-8182

 


Published: January 3, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34914
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-8182
CWE-ID: CWE-193
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
OpenLDAP
Debian Linux
Software vendor:
OpenLDAP.org
Debian

Description

The vulnerability allows a remote unauthenticated attacker to perform a denial of service (DoS) attack.

An off-by-one error leading to a crash was discovered in OpenLDAP 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
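
To check whether a host meets the precondition above (slapd configured with the dnssrv backend), the following added example, which is not part of the original advisory or of OpenLDAP, scans slapd configuration text for a dnssrv database declaration. It assumes the `database <type>` directive of slapd.conf and the `olcDatabase` attribute of cn=config LDIF; the function names are hypothetical and both sample configurations are constructed.

```python
import re

# Constructed sample inputs (not taken from any real deployment).
SAMPLE_SLAPD_CONF = """\
# global section
include /etc/ldap/schema/core.schema
database mdb
suffix "dc=example,dc=com"

database
  dnssrv
suffix ""
"""

SAMPLE_CN_CONFIG_LDIF = """\
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}mdb

dn: olcDatabase={2}dnssrv,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {2}dnssrv
"""

def _logical_lines(text, ldif=False):
    """Join continuation lines (leading whitespace), then drop blanks and comments."""
    out = []
    for raw in text.splitlines():
        if out and raw[:1] in (" ", "\t") and raw.strip():
            # LDIF folds by dropping one leading space; slapd.conf keeps tokens apart.
            out[-1] += raw[1:] if ldif else " " + raw.strip()
        else:
            out.append(raw)
    return [l for l in out if l.strip() and not l.lstrip().startswith("#")]

def dnssrv_backends(text):
    """Return the configuration lines that declare a dnssrv database."""
    ldif = re.search(r"(?mi)^olcDatabase:", text) is not None
    hits = []
    for line in _logical_lines(text, ldif):
        if ldif:  # cn=config form, with an optional {N} ordering prefix
            m = re.match(r"(?i)olcDatabase:\s*(?:\{-?\d+\})?(\w+)\s*$", line)
        else:     # slapd.conf form: database <type>
            m = re.match(r"(?i)database\s+(\w+)", line)
        if m and m.group(1).lower() == "dnssrv":
            hits.append(line.strip())
    return hits
```

An empty result means no dnssrv database is declared in the text that was scanned; a non-empty result lists the declarations to review against the vendor update.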


Remediation

Install the update from the vendor's website.

External links