Vulnerabilities > Openldap

DATE CVE VULNERABILITY TITLE RISK
2020-12-08 CVE-2020-25692 Null Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in the OpenLDAP server, triggered during a request for renaming RDNs, was found and was fixed in openldap 2.4.55.
network
low complexity
openldap redhat CWE-476
5.0
2020-07-14 CVE-2020-15719 Improper Certificate Validation vulnerability in multiple products
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support.
network
high complexity
openldap redhat CWE-295
4.0
2020-04-28 CVE-2020-12243 Resource Exhaustion vulnerability in multiple products
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
network
low complexity
openldap debian CWE-400
5.0
2020-01-02 CVE-2014-8182 Off-By-One Error vulnerability in multiple products
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages.
4.3
2019-07-26 CVE-2019-13565
An issue was discovered in OpenLDAP 2.x before 2.4.48.
network
low complexity
openldap canonical debian
5.0
2019-07-26 CVE-2019-13057
An issue was discovered in the server in OpenLDAP before 2.4.48.
3.5
2017-12-18 CVE-2017-17740 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openldap
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
network
low complexity
openldap CWE-119
5.0
2017-09-05 CVE-2017-14159 Improper Initialization vulnerability in Openldap
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
1.9
2017-07-17 CVE-2016-4984 Race Condition vulnerability in Openldap Openldap-Servers
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate and the chmod to protect it.
1.9
2017-05-29 CVE-2017-9287 Double Free vulnerability in Openldap
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability.
network
low complexity
openldap CWE-415
4.0