openldap

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Lightweight Directory Access Protocol (LDAP) client and server
Version 2.6.9-1 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2724 2.6.1-1 2.6.2-1 Critical Fixed
AVG-1569 2.4.57-1 2.4.58-1 Low Fixed
AVG-1489 2.4.56-1 2.4.57-1 Medium Fixed
AVG-358 2.4.44-5 2.4.45-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2022-29155 AVG-2724 Critical Yes Sql injection
the back-sql backend to slapd-sql did not not properly escape LDAP queries and was vulnerable to SQL injection
CVE-2021-27212 AVG-1569 Low Yes Denial of service
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted...
CVE-2020-36230 AVG-1489 Medium Yes Denial of service
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in...
CVE-2020-36229 AVG-1489 Medium Yes Denial of service
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
CVE-2020-36228 AVG-1489 Medium Yes Denial of service
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in...
CVE-2020-36227 AVG-1489 Medium Yes Denial of service
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service
CVE-2020-36226 AVG-1489 Medium Yes Denial of service
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial...
CVE-2020-36225 AVG-1489 Medium Yes Denial of service
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
CVE-2020-36224 AVG-1489 Medium Yes Denial of service
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
CVE-2020-36223 AVG-1489 Medium Yes Denial of service
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service...
CVE-2020-36222 AVG-1489 Medium Yes Denial of service
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
CVE-2020-36221 AVG-1489 Medium Yes Denial of service
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of...
CVE-2017-9287 AVG-358 Medium Yes Denial of service
A double-free flaw was found in the way OpenLDAP's slapd server <= 2.4.44 using the MDB backend handled LDAP searches. A remote attacker with access to...