Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2952 — Openldap vulnerability

CWE-3998 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

55.3%

top 1.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Openldap Debian Openldap

Timeline

PublishedJul 1

Latest updateMay 1

Description

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/openldap< openldap 2.4.10-3 (bookworm)

▶Debianopenldap/openldap< 2.4.10-3+3

▶NVDopenldap/openldap47 versions+46

🔴Vulnerability Details

GHSA

GHSA-mgjr-3gvp-wpc2: liblber/io↗2022-05-01

▶

OSV

CVE-2008-2952: liblber/io↗2008-07-01

▶

💥Exploits & PoCs

Exploit-DB

OpenLDAP 2.3.41 - BER Decoding Remote Denial of Service↗2008-06-30

▶

📋Vendor Advisories

Ubuntu

OpenLDAP vulnerability↗2008-08-01

▶

Red Hat

OpenLDAP denial-of-service flaw in ASN.1 decoder↗2008-06-26

▶

Debian

CVE-2008-2952: openldap - liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a deni...↗2008

▶

💬Community

Bugzilla

CVE-2008-2952 OpenLDAP denial-of-service flaw in ASN.1 decoder↗2008-06-30

▶