CVE-2009-5072

CWE-3993 documents3 sources
Severity
4.0MEDIUM
EPSS
0.4%
top 41.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Directory Server
Timeline
PublishedApr 21
Latest updateMay 2

Description

Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memory consumption) via an empty string argument.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/tivoli_directory_server19 versions+18

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-phq4-3v3g-6mh6: Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 62022-05-02
CVEList
CVE-2009-5072: Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 62011-04-21
CVE-2009-5072 (MEDIUM CVSS 4) | Memory leak in the ldap_explode_dn | cvebase.io