CVE-2013-4449 — Openldap vulnerability

CWE-18910 documents8 sources

Severity

4.3MEDIUMNVD

OSV2.6

EPSS

68.7%

top 1.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Debian Openldap Apple Macos Catalina 10.15.2 Security Update 2019-002 Mojave Security Update 2019-007 +1 more

Timeline

PublishedFeb 5

Latest updateMay 17

Description

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/openldap< openldap 2.4.39-1.1 (bookworm)

▶Debianopenldap/openldap< 2.4.39-1.1+3

▶Ubuntuopenldap/openldap< 2.4.31-1+nmu2ubuntu8.1

▶NVDopenldap/openldap2.4.36+30

▶Appleapple/macos_catalina_10.15.2_security_update_2019-002_mojave_security_update_2019-007

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-rmpx-9wfm-j7j4: The rwm overlay in OpenLDAP 2↗2022-05-17

▶

OSV

openldap vulnerabilities↗2015-05-26

▶

OSV

CVE-2013-4449: The rwm overlay in OpenLDAP 2↗2014-02-05

▶

📋Vendor Advisories

Apple

CVE-2013-4449: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra↗2019-12-10

▶

Ubuntu

OpenLDAP vulnerabilities↗2015-05-26

▶

Red Hat

openldap: segfault on certain queries with rwm overlay↗2013-10-11

▶

Debian

CVE-2013-4449: openldap - The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count ...↗2013

▶

💬Community

Bugzilla

CVE-2013-4449 openldap: segfault on certain queries with rwm overlay [fedora-all]↗2014-02-03

▶

Bugzilla

CVE-2013-4449 openldap: segfault on certain queries with rwm overlay↗2013-10-15

▶