CVE-2006-4175

CWE-8243 documents3 sources

Severity

7.8HIGH

EPSS

1.8%

top 17.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Directory Server SUN ONE Directory Server

Timeline

PublishedMar 26

Latest updateMay 1

Description

The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDsun/java_system_directory_server5.2

▶NVDsun/one_directory_server5.1, 5.2+1

🔴Vulnerability Details

GHSA

GHSA-59cj-c3fq-4chw: The LDAP server (ns-slapd) in Sun Java System Directory Server 5↗2022-05-01

▶

CVEList

CVE-2006-4175: The LDAP server (ns-slapd) in Sun Java System Directory Server 5↗2007-03-26

▶