CVE-2015-1545 — Openldap vulnerability

11 documents8 sources

Severity

5.0MEDIUMNVD

OSV2.6

EPSS

64.8%

top 1.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Debian Openldap Apple Macos Catalina 10.15.2 Security Update 2019-002 Mojave Security Update 2019-007 +1 more

Timeline

PublishedFeb 12

Latest updateMay 17

Description

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶debiandebian/openldap< openldap 2.4.40-4 (bookworm)

▶Debianopenldap/openldap< 2.4.40-4+3

▶Ubuntuopenldap/openldap< 2.4.31-1+nmu2ubuntu8.1

▶NVDopenldap/openldap28 versions+27

▶Appleapple/os_x_yosemite_v10.10.3_and_security_update_2015-004

🔴Vulnerability Details

GHSA

GHSA-qwqq-jvm7-rm7c: The deref_parseCtrl function in servers/slapd/overlays/deref↗2022-05-17

▶

OSV

openldap vulnerabilities↗2015-05-26

▶

OSV

CVE-2015-1545: The deref_parseCtrl function in servers/slapd/overlays/deref↗2015-02-12

▶

📋Vendor Advisories

Apple

CVE-2015-1545: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra↗2019-12-10

▶

Ubuntu

OpenLDAP vulnerabilities↗2015-05-26

▶

Red Hat

openldap: slapd crashes on search with deref control and empty attr list↗2015-02-03

▶

Debian

CVE-2015-1545: openldap - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.1...↗2015

▶

Apple

CVE-2015-1545: OS X Yosemite v10.10.3 and Security Update 2015-004↗

▶

💬Community

Bugzilla

CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list [fedora-all]↗2015-02-09

▶

Bugzilla

CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list↗2015-02-09

▶