CVE-2015-1545
Published: 2015-02-12
Priority: P4 · 28 · medium · CVSS 2.0 score 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 11.09% (95.4th percentile)
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_catalina_10.15.2_security_update_2019-002_mojave_security_update_2019-007 | — | — |
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| debian | openldap | < openldap 2.4.40-4 (bookworm) | openldap 2.4.40-4 (bookworm) |
| openldap | openldap | — | — |
Detection & IOCs
- Trigger condition: a search request containing a deref control with an empty attribute list causes a NULL pointer dereference crash in slapd (deref_parseCtrl in servers/slapd/overlays/deref.c)
- Vulnerable process to monitor for unexpected crashes: slapd (OpenLDAP daemon); a crash indicates a possible exploitation attempt
- Affected code path is only reachable when the deref overlay is enabled in slapd; systems without deref overlay support are not affected
- Vulnerability only exists in OpenLDAP versions 2.4.13 through 2.4.40; fixed in 2.4.40-4 (Debian) and 2.4.40-3.fc21 (Fedora 21)
- The deref overlay must be explicitly enabled in slapd configuration for this vulnerability to be exploitable; default installs without the overlay are not at risk
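An exposure check built from the two conditions listed above (upstream version in 2.4.13 through 2.4.40, and the deref overlay enabled); this is an added example, not part of the original page or of OpenLDAP. The function names, verdict strings and sample configs are constructed for illustration, and it assumes the configuration is available as slapd.conf text or a cn=config LDIF export. Distribution packages with a backported fix still report an in-range upstream version, so compare their revision with the fixed versions listed above.

```python
import re

# Upstream range stated in the advisory text on this page.
FIRST_AFFECTED = (2, 4, 13)
LAST_AFFECTED = (2, 4, 40)

# slapd.conf instantiates the overlay with "overlay deref"; a cn=config LDIF
# uses "olcOverlay: deref", optionally with an ordering prefix like "{0}".
_OVERLAY_RE = re.compile(
    r"^\s*(?:overlay\s+|olcOverlay:\s*(?:\{\d+\})?)deref\s*$", re.IGNORECASE
)

def upstream_version(text):
    """Return the leading x.y.z of a version string as a tuple of ints."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def deref_overlay_enabled(config_text):
    """True if any non-comment line instantiates the deref overlay."""
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directives do not count
        if _OVERLAY_RE.match(line):
            return True
    return False

def triage(version_text, config_text):
    """Apply both conditions from the list above, version first."""
    version = upstream_version(version_text)
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return "version-not-affected"
    if not deref_overlay_enabled(config_text):
        return "overlay-not-enabled"
    return "exposed-unless-patched"

# Constructed sample configurations (not taken from any real host).
CONF_WITH_DEREF = "database mdb\nsuffix dc=example,dc=org\noverlay deref\n"
CONF_COMMENTED = "database mdb\n# overlay deref\noverlay memberof\n"
LDIF_WITH_DEREF = "dn: olcOverlay={0}deref,olcDatabase={1}mdb,cn=config\nolcOverlay: {0}deref\n"

if __name__ == "__main__":
    for ver, conf in [("2.4.40", CONF_WITH_DEREF), ("2.4.31", CONF_COMMENTED),
                      ("2.4.44", LDIF_WITH_DEREF)]:
        print(ver, triage(ver, conf))
```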
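CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |
| vendor_redhat | | 5.0 | MEDIUM | |
| vendor_ubuntu | | 2.6 | LOW | |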
Apple
CVE-2015-1545: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
vendor_apple·2019-12-10·CVSS 5.0
CVE-2015-1545 [MEDIUM] CVE-2015-1545: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
Apple Security Update: About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
Product: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
CVE: CVE-2015-1545
Component: CVE-2015-1545
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2015-05-26·CVSS 2.6
CVE-2012-1164 [LOW] OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: OpenLDAP could be made to crash if it received specially crafted network
traffic.
It was discovered that OpenLDAP incorrectly handled certain search queries
that returned empty attributes. A remote attacker could use this issue to
cause OpenLDAP to assert, resulting in a denial of service. This issue only
affected Ubuntu 12.04 LTS. (CVE-2012-1164)
Michael Vishchers discovered that OpenLDAP improperly counted references
when the rwm overlay was used. A remote attacker could use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449)
It was discovered that OpenLDAP incorrectly handled certain empty attribute
lists in search requests. A remote attacker could use this issue to cause
OpenLDAP to crash, resulting in a
Red Hat
openldap: slapd crashes on search with deref control and empty attr list
vendor_redhat·2015-02-03·CVSS 5.0
CVE-2015-1545 [MEDIUM] openldap: slapd crashes on search with deref control and empty attr list
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
Statement: This issue did not affect the versions of openldap as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for the deref overlay.
Package: openldap (Red Hat Enterprise Linux 5) - Not affected
Package: openldap (Red Hat Enterprise Linux 6) - Not affected
Package: openldap (Red Hat Enterprise Linux 7) - Not affected
Package: openldap (Red Hat JBoss Enterprise Application Platform 5) - Not affected
Package: openldap (Red Hat
Debian
CVE-2015-1545: openldap - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.1...
vendor_debian·2015·CVSS 5.0
CVE-2015-1545 [MEDIUM] CVE-2015-1545: openldap - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.1...
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
Scope: local
bookworm: resolved (fixed in 2.4.40-4)
bullseye: resolved (fixed in 2.4.40-4)
forky: resolved (fixed in 2.4.40-4)
sid: resolved (fixed in 2.4.40-4)
trixie: resolved (fixed in 2.4.40-4)
Apple
CVE-2015-1545: OS X Yosemite v10.10.3 and Security Update 2015-004
vendor_apple·CVSS 5.0
CVE-2015-1545 [MEDIUM] CVE-2015-1545: OS X Yosemite v10.10.3 and Security Update 2015-004
Apple Security Update: About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004
Product: OS X Yosemite v10.10.3 and Security Update 2015-004
CVE: CVE-2015-1545
Component: CVE-ID
GHSA
GHSA-qwqq-jvm7-rm7c: The deref_parseCtrl function in servers/slapd/overlays/deref
ghsa_unreviewed·2022-05-17
CVE-2015-1545 [MEDIUM] GHSA-qwqq-jvm7-rm7c: The deref_parseCtrl function in servers/slapd/overlays/deref
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
OSV
openldap vulnerabilities
osv·2015-05-26·CVSS 2.6
CVE-2012-1164 [LOW] openldap vulnerabilities
It was discovered that OpenLDAP incorrectly handled certain search queries
that returned empty attributes. A remote attacker could use this issue to
cause OpenLDAP to assert, resulting in a denial of service. This issue only
affected Ubuntu 12.04 LTS. (CVE-2012-1164)
Michael Vishchers discovered that OpenLDAP improperly counted references
when the rwm overlay was used. A remote attacker could use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2013-4449)
It was discovered that OpenLDAP incorrectly handled certain empty attribute
lists in search requests. A remote attacker could use this issue to cause
OpenLDAP to crash, resulting in a denial of service. (CVE-2015-1545)
OSV
CVE-2015-1545: The deref_parseCtrl function in servers/slapd/overlays/deref
osv·2015-02-12·CVSS 5.0
CVE-2015-1545 [MEDIUM] CVE-2015-1545: The deref_parseCtrl function in servers/slapd/overlays/deref
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list [fedora-all]
bugzilla·2015-02-09·CVSS 5.0
CVE-2015-1545 [MEDIUM] CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple
Bugzilla
CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list
bugzilla·2015-02-09·CVSS 5.0
CVE-2015-1545 [MEDIUM] CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list
It was reported [1] that with the deref overlay enabled, ldapsearch with '-E deref=member:' causes slapd to crash.
Upstream bugreport: http://www.openldap.org/its/?findid=8027
Upstream commit: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5
[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988
Discussion:
Created openldap tracking bugs for this issue:
Affects: fedora-all [bug 1190645]
---
Statement:
This issue did not affect the versions of openldap as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for the deref overlay.