CVE-2014-8182

CWE-1936 documents6 sources

Severity

7.5HIGH

EPSS

5.2%

top 10.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Openldap Debian Debian Linux

Timeline

PublishedJan 2

Latest updateMay 17

Description

An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5openldap/openldap2.4

▶NVDopenldap/openldap2.4

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.suse.com ↗Patch: security-tracker.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-mr56-3w7m-88hw: An off-by-one error leading to a crash was discovered in openldap 2↗2022-05-17

▶

CVEList

CVE-2014-8182: An off-by-one error leading to a crash was discovered in openldap 2↗2020-01-02

▶

📋Vendor Advisories

Red Hat

openldap: crash in ldap_domain2hostlist when processing SRV records↗2014-07-21

▶

Debian

CVE-2014-8182: openldap - An off-by-one error leading to a crash was discovered in openldap 2.4 when proce...↗2014

▶

💬Community

Bugzilla

CVE-2014-8182 openldap: crash in ldap_domain2hostlist when processing SRV records↗2014-05-09

▶