Vulnerabilities > Openldap > Openldap > 2.4.20
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-29 | CVE-2017-9287 | Double Free vulnerability in multiple products servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. | 4.0 |
| 2014-02-05 | CVE-2013-4449 | Numeric Errors vulnerability in multiple products The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. | 4.3 |
| 2012-06-29 | CVE-2012-1164 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openldap slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. | 2.6 |
| 2011-03-20 | CVE-2011-1081 | Resource Management Errors vulnerability in Openldap modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field. | 5.0 |
| 2011-03-20 | CVE-2011-1025 | Improper Authentication vulnerability in Openldap bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password. | 6.8 |
| 2011-03-20 | CVE-2011-1024 | Permissions, Privileges, and Access Controls vulnerability in Openldap chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. | 4.6 |