CVE-2006-4521

3 documents3 sources
Severity
5.0MEDIUM
EPSS
3.4%
top 12.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Edirectory
Timeline
PublishedNov 4
Latest updateMay 1

Description

The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDnovell/edirectory8.8, 8.8.1+1

Patches

Patch: labs.idefense.comPatch: secunia.comPatch: securitytracker.com

🔴Vulnerability Details

2
GHSA
GHSA-f4wj-v76w-rxmp: The BerDecodeLoginDataRequest function in the libnmasldap2022-05-01
CVEList
CVE-2006-4521: The BerDecodeLoginDataRequest function in the libnmasldap2006-11-04
CVE-2006-4521 (MEDIUM CVSS 5) | The BerDecodeLoginDataRequest funct | cvebase.io