CVE-2010-0212 — NULL Pointer Dereference in Openldap

CWE-264 CWE-476 — NULL Pointer Dereference8 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

66.9%

top 1.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Debian Openldap Vmware Esxi +1 more

Timeline

PublishedJul 28

Latest updateMay 2

Description

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/openldap< openldap 2.4.23-1 (bookworm)

▶Debianopenldap/openldap< 2.4.23-1+3

▶NVDopenldap/openldap2.4.22

▶vmwarevmware/esxi

▶vmwarevmware/vmware_workstation

Patches

Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-w879-m4wh-92f9: OpenLDAP 2↗2022-05-02

▶

OSV

CVE-2010-0212: OpenLDAP 2↗2010-07-28

▶

📋Vendor Advisories

VMware

VMware ESX third party updates for Service Console packages glibc, sudo, and openldap↗2011-01-04

▶

Ubuntu

OpenLDAP vulnerabilities↗2010-08-09

▶

Red Hat

openldap: modrdn processing IA5StringNormalize NULL pointer dereference↗2010-07-19

▶

Debian

CVE-2010-0212: openldap - OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via...↗2010

▶

💬Community

Bugzilla

CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference↗2010-06-18

▶