CVE-2012-1164: Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenLDAP

Severity: 2.6 LOW (NVD)
EPSS: 12.7% (top 5.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 29
Latest update: May 17

Description

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.

CVSS vector

AV:N/AC:H/C:N/I:N/A:P
Exploitability: 4.9 | Impact: 2.9

Affected Packages (5 packages)

debian: debian/openldap < openldap 2.4.31-1 (bookworm)
Debian: openldap/openldap < 2.4.31-1+3
Ubuntu: openldap/openldap < 2.4.31-1+nmu2ubuntu8.1
NVD: openldap/openldap 2.4.29+23

🔴 Vulnerability Details (3)

GHSA: GHSA-cvmw-3c66-5wx9: slapd in OpenLDAP before 2 (2022-05-17)
OSV: openldap vulnerabilities (2015-05-26)
OSV: CVE-2012-1164: slapd in OpenLDAP before 2 (2012-06-29)

📋 Vendor Advisories (4)

Apple: CVE-2012-1164: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (2019-12-10)
Ubuntu: OpenLDAP vulnerabilities (2015-05-26)
Red Hat: (slapd): Assertion failure by processing search queries requesting only attributes for particular entry (2012-01-29)
Debian: CVE-2012-1164: openldap - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of ser... (2012)

💬 Community (2)

Bugzilla: CVE-2012-2668 CVE-2012-1164 openldap various flaws [fedora-all] (2012-06-06)
Bugzilla: CVE-2012-1164 openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry (2012-03-12)