Vulnerabilities for 'Openldap'

2022-05-04
 
CVE-2022-29155

CWE-89
 

 
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.

 
2021-05-28
 
CVE-2020-25710

CWE-617
 

 
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

 
2021-05-24
 
CVE-2020-20178

CWE-617
 

 
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

 
2021-05-18
 
CVE-2020-25709

CWE-617
 

 
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

 
2021-01-26
 
CVE-2020-36230

CWE-617
 

 
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

 
 
CVE-2020-36229

CWE-843
 

 
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

 
 
CVE-2020-36228

CWE-191
 

 
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

 
 
CVE-2020-36227

CWE-835
 

 
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

 
 
CVE-2020-36226

NVD-CWE-noinfo
 

 
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

 
 
CVE-2020-36225

CWE-415
 

 
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

 


Copyright 2024, cxsecurity.com

 
