CVE-2015-0283: Infinite Loop in Slapi-nis

Severity: 7.8 HIGH (NVD)
EPSS: 1.8% (top 17.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Mar 30
Latest update: May 17

Description

The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages (3 packages)

debian: debian/slapi-nis < slapi-nis 0.54.2-1 (bookworm)
Debian: slapi-nis_project/slapi-nis < 0.54.2-1+2
NVD: redhat/slapi-nis 0.54.1

🔴 Vulnerability Details (2)

GHSA: GHSA-mh9j-g427-6h4w: The slapi-nis plug-in before 0 (2022-05-17)
OSV: CVE-2015-0283: The slapi-nis plug-in before 0 (2015-03-30)

📋 Vendor Advisories (2)

Red Hat: slapi-nis: infinite loop in getgrnam_r() and getgrgid_r() (2015-03-26)
Debian: CVE-2015-0283: slapi-nis - The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when pro... (2015)

💬 Community (2)

Bugzilla: CVE-2015-0283 slapi-nis: infinite loop in getgrnam_r() and getgrgid_r() [fedora-all] (2015-03-26)
Bugzilla: CVE-2015-0283 slapi-nis: infinite loop in getgrnam_r() and getgrgid_r() (2015-02-24)