The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4...

Moderate severity Unreviewed Published May 2, 2022 to the GitHub Advisory Database • Updated Jan 21, 2024

Package

No package listed

Affected versions

Unknown

Patched versions

Unknown

Description

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
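The bug class described above, as an added example that is not OpenLDAP's code: a simplified model in which a normalizer rejects invalid UTF-8 without writing its output pointer, with the unsafe caller shape shown as a comment and the hardened shape compiled. The names `utf8_ok`, `normalize`, `struct mod`, `mod_free` and `build_mod` are hypothetical, and the sample RDN is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Structural UTF-8 check only (lead byte + continuation bytes). */
static int utf8_ok(const unsigned char *s) {
    while (*s) {
        int n = (*s < 0x80) ? 0 : (*s >> 5) == 0x06 ? 1 :
                (*s >> 4) == 0x0E ? 2 : (*s >> 3) == 0x1E ? 3 : -1;
        if (n < 0) return 0;
        s++;
        while (n--) { if ((*s & 0xC0) != 0x80) return 0; s++; }
    }
    return 1;
}

/* Hypothetical normalizer: on invalid input it returns -1 without writing *out. */
static int normalize(const char *in, char **out) {
    if (!utf8_ok((const unsigned char *)in)) return -1;
    *out = malloc(strlen(in) + 1);
    if (*out == NULL) return -1;
    strcpy(*out, in);
    return 0;
}

struct mod { char *nval; };   /* hypothetical stand-in for a modification entry */

static void mod_free(struct mod *m) { if (m) { free(m->nval); free(m); } }

/* Unsafe shape (comment only, not compiled):
 *     struct mod *m = malloc(sizeof *m);   // m->nval is indeterminate
 *     normalize(rdn, &m->nval);            // return value ignored
 *     ... error path: mod_free(m);         // free() of a garbage pointer
 */

/* Hardened shape: zero-initialise, check the result, free only known state. */
static struct mod *build_mod(const char *rdn, int *rc) {
    struct mod *m = calloc(1, sizeof *m);            /* nval starts as NULL */
    if (m == NULL) { *rc = -1; return NULL; }
    *rc = normalize(rdn, &m->nval);
    if (*rc != 0) { mod_free(m); return NULL; }      /* free(NULL) is a no-op */
    return m;
}

int main(void) {
    int rc;
    struct mod *m = build_mod("cn=\xC3\x28", &rc);   /* constructed invalid UTF-8 */
    int rejected = (m == NULL && rc == -1);
    mod_free(m);
    return rejected ? 0 : 1;
}
```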

References

Published by the National Vulnerability Database Jul 28, 2010
Published to the GitHub Advisory Database May 2, 2022
Last updated Jan 21, 2024

Severity

Moderate

EPSS score

80.589%
(98th percentile)

Weaknesses

CVE ID

CVE-2010-0211

GHSA ID

GHSA-m9h3-f3g9-fqrf

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.