CVE-2005-2301: PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service…

medium5CVSS 3.1

AVNACLAuNCNINAP

PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.

Affected

22 ranges

Vendor	Product	Version range	Fixed in
debian	pdns	< pdns 2.9.18-1 (bookworm)	pdns 2.9.18-1 (bookworm)
open-xchange	pdns	>= 0 < 2.9.18-1	2.9.18-1
open-xchange	pdns	>= 0 < 2.9.18-1	2.9.18-1
open-xchange	pdns	>= 0 < 2.9.18-1	2.9.18-1
open-xchange	pdns	>= 0 < 2.9.18-1	2.9.18-1
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—
powerdns	powerdns	—	—

CVSS provenance

nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

osv5.0MEDIUM