Slapi-Nis Project Slapi-Nis vulnerabilities

CVE-2021-3480 [HIGH] CWE-476 CVE-2021-3480: A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsi A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability.

CVE-2015-0283 [HIGH] CVE-2015-0283: The slapi-nis plug-in before 0 The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.