Vulnerabilities > Openldap > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2020-36224 | Release of Invalid Pointer or Reference vulnerability in multiple products A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | 7.5 |
| 2021-01-26 | CVE-2020-36223 | Double Free vulnerability in multiple products A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). | 7.5 |
| 2021-01-26 | CVE-2020-36222 | Reachable Assertion vulnerability in multiple products A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. | 7.5 |
| 2021-01-26 | CVE-2020-36221 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). | 7.5 |
| 2020-12-08 | CVE-2020-25692 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. | 7.5 |
| 2019-07-26 | CVE-2019-13565 | An issue was discovered in OpenLDAP 2.x before 2.4.48. | 7.5 |
| 2007-10-30 | CVE-2007-5708 | Resource Management Errors vulnerability in Openldap slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated. | 7.1 |
| 2006-11-07 | CVE-2006-5779 | Reachable Assertion vulnerability in multiple products OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | 7.5 |
| 2005-12-21 | CVE-2005-4442 | Packages Insecure RUNPATH vulnerability in Gentoo Linux Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | 7.2 |
| 2004-09-07 | CVE-2004-0823 | OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. | 7.5 |