Debian OpenLDAP vulnerabilities

43 known vulnerabilities affecting debian/openldap.

Total CVEs: 43
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 16, MEDIUM 7, LOW 18

Vulnerabilities

Page 3 of 3
CVE-2010-0212 | MEDIUM | CVSS 5.0 | fixed in openldap 2.4.23-1 (bookworm) | 2010
CVE-2010-0212 [MEDIUM] openldap - OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. Scope: local bookwo
debian
CVE-2009-3767 | LOW | CVSS 5.9 | fixed in openldap 2.4.17-2.1 (bookworm) | 2009
CVE-2009-3767 [MEDIUM] openldap - libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Author
debian
CVE-2008-2952 | LOW | CVSS 5.0 | PoC | fixed in openldap 2.4.10-3 (bookworm) | 2008
CVE-2008-2952 [MEDIUM] openldap - liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. Scope: local bookworm: resolved (fixed in 2.4.10-3); bullseye: resolved (fixed in 2.4.10-3); forky: resolved (fixed in 2.4.10-3); sid: resolved (fixed in 2.4.10-3); trixie: resolved (fixed i
debian