CVE-2022-29155
published 2022-05-04CVE-2022-29155: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement…
PriorityP273critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
69.90%
99.3th percentile
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openldap | < openldap 2.5.12+dfsg-1 (bookworm) | openldap 2.5.12+dfsg-1 (bookworm) |
| msrc | cbl2_openldap_2.4.57-7_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_openldap_2.4.57-3_on_cbl_mariner_1.0 | — | — |
| openldap | openldap | >= 0 < 2.4.57+dfsg-3+deb11u1 | 2.4.57+dfsg-3+deb11u1 |
| openldap | openldap | >= 0 < 2.5.12+dfsg-1 | 2.5.12+dfsg-1 |
| openldap | openldap | >= 0 < 2.5.12+dfsg-1 | 2.5.12+dfsg-1 |
| openldap | openldap | >= 0 < 2.5.12+dfsg-1 | 2.5.12+dfsg-1 |
| openldap | openldap | >= 2.0 < 2.5.12 | 2.5.12 |
| openldap | openldap | >= 2.6.0 < 2.6.2 | 2.6.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is exploitable via a crafted LDAP search filter containing a SQL statement targeting the back-sql backend of slapd; monitor LDAP search operations for anomalous filter content ↗
- →Attack vector is network-based (remote exploit over LDAP protocol); monitor for unexpected or malformed LDAP search requests from external sources ↗
- →Exploitation can result in arbitrary database modifications; monitor back-sql backend database for unexpected INSERT/UPDATE/DELETE operations correlated with LDAP search activity ↗
- →Only deployments using the experimental back-sql (openldap-servers-sql) backend are affected; audit slapd configuration for 'back-sql' backend usage as a triage step ↗
- ·Only the experimental back-sql backend to slapd is vulnerable; standard OpenLDAP deployments without back-sql are not affected ↗
- ·Red Hat Enterprise Linux 8 and 9 are not affected because the openldap-servers package (which includes back-sql) was not shipped ↗
- ·Affected versions are OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2; fixed versions are 2.5.12 and 2.6.2 respectively ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_msrc9.8CRITICAL
vendor_oracle9.8CRITICAL
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Oracle
Oracle Oracle Systems Risk Matrix: XCP Firmware (OpenLDAP) — CVE-2022-29155
vendor_oracle·2024-01-15·CVSS 9.8
CVE-2022-29155 [CRITICAL] Oracle Oracle Systems Risk Matrix: XCP Firmware (OpenLDAP) — CVE-2022-29155
Oracle Oracle Systems Risk Matrix: XCP Firmware (OpenLDAP) vulnerability
CVE: CVE-2022-29155
CVSS: 9.8
Protocol: LDAP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2024 (JAN 2024)
Ubuntu
OpenLDAP vulnerability
vendor_ubuntu·2022-05-19
CVE-2022-29155 OpenLDAP vulnerability
Title: OpenLDAP vulnerability
Summary: OpenLDAP could be made to perform arbitrary modifications to the database.
USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
OpenLDAP vulnerability
vendor_ubuntu·2022-05-17
CVE-2022-29155 OpenLDAP vulnerability
Title: OpenLDAP vulnerability
Summary: OpenLDAP could be made to perform arbitrary modifications to the database.
It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2 a SQL injection vulnerability exists in the experimental back-sql backend to slapd via a SQL statement within an LDAP query. This can occur during
vendor_msrc·2022-05-10·CVSS 9.8
CVE-2022-29155 [CRITICAL] CWE-89 In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2 a SQL injection vulnerability exists in the experimental back-sql backend to slapd via a SQL statement within an LDAP query. This can occur during
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2 a SQL injection vulnerability exists in the experimental back-sql backend to slapd via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed due to a lack of proper escaping.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog
Red Hat
openldap: OpenLDAP SQL injection
vendor_redhat·2022-05-04·CVSS 9.8
CVE-2022-29155 [CRITICAL] CWE-89 openldap: OpenLDAP SQL injection
openldap: OpenLDAP SQL injection
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
A vulnerability was found in the openldap-servers package. A SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This issue occurs during an LDAP search operation when the search filter is processed due to a lack of proper escaping.
Statement: Red Hat Enterprise Linux 8 and 9 are not affected as we have not shipped the OpenLDAP-servers package.
Package: compat-openldap (Red Hat Enterprise L
Debian
CVE-2022-29155: openldap - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerabil...
vendor_debian·2022·CVSS 9.8
CVE-2022-29155 [CRITICAL] CVE-2022-29155: openldap - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerabil...
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
Scope: local
bookworm: resolved (fixed in 2.5.12+dfsg-1)
bullseye: resolved (fixed in 2.4.57+dfsg-3+deb11u1)
forky: resolved (fixed in 2.5.12+dfsg-1)
sid: resolved (fixed in 2.5.12+dfsg-1)
trixie: resolved (fixed in 2.5.12+dfsg-1)
GHSA
GHSA-9rm2-9q89-9524: In OpenLDAP 2
ghsa_unreviewed·2022-05-05
CVE-2022-29155 [CRITICAL] CWE-89 GHSA-9rm2-9q89-9524: In OpenLDAP 2
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
OSV
CVE-2022-29155: In OpenLDAP 2
osv·2022-05-04·CVSS 9.8
CVE-2022-29155 [CRITICAL] CVE-2022-29155: In OpenLDAP 2
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
No detection rules found.
No public exploits indexed.
https://bugs.openldap.org/show_bug.cgi?id=9815https://lists.debian.org/debian-lts-announce/2022/05/msg00032.htmlhttps://security.netapp.com/advisory/ntap-20220609-0007/https://www.debian.org/security/2022/dsa-5140https://bugs.openldap.org/show_bug.cgi?id=9815https://lists.debian.org/debian-lts-announce/2022/05/msg00032.htmlhttps://security.netapp.com/advisory/ntap-20220609-0007/https://www.debian.org/security/2022/dsa-5140
2022-05-04
Published