Vulnerabilities > CVE-2021-46823 - Unspecified vulnerability in Python-Ldap

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

python-ldap

NVD

Published: 2022-06-18

Updated: 2024-11-21

Summary

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Vulnerable Configurations

Part	Description	Count
Application	Python-Ldap Python Ldap Python Ldap *	1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/221507
https://exchange.xforce.ibmcloud.com/vulnerabilities/221507
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm