4.3

CVE-2013-4449

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
OpenldapOpenldap Version <= 2.4.36
OpenldapOpenldap Version2.4.6
OpenldapOpenldap Version2.4.7
OpenldapOpenldap Version2.4.8
OpenldapOpenldap Version2.4.9
OpenldapOpenldap Version2.4.10
OpenldapOpenldap Version2.4.11
OpenldapOpenldap Version2.4.12
OpenldapOpenldap Version2.4.13
OpenldapOpenldap Version2.4.14
OpenldapOpenldap Version2.4.15
OpenldapOpenldap Version2.4.16
OpenldapOpenldap Version2.4.17
OpenldapOpenldap Version2.4.18
OpenldapOpenldap Version2.4.19
OpenldapOpenldap Version2.4.20
OpenldapOpenldap Version2.4.21
OpenldapOpenldap Version2.4.22
OpenldapOpenldap Version2.4.23
OpenldapOpenldap Version2.4.24
OpenldapOpenldap Version2.4.25
OpenldapOpenldap Version2.4.26
OpenldapOpenldap Version2.4.27
OpenldapOpenldap Version2.4.28
OpenldapOpenldap Version2.4.29
OpenldapOpenldap Version2.4.30
OpenldapOpenldap Version2.4.31
OpenldapOpenldap Version2.4.32
OpenldapOpenldap Version2.4.33
OpenldapOpenldap Version2.4.34
OpenldapOpenldap Version2.4.35
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.91% 0.953
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://seclists.org/fulldisclosure/2019/Dec/26
https://seclists.org/bugtraq/2019/Dec/23
https://support.apple.com/kb/HT210788
http://rhn.redhat.com/errata/RHSA-2014-0126.html
http://rhn.redhat.com/errata/RHSA-2014-0206.html
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-4449
http://www.debian.org/security/2015/dsa-3209
http://www.mandriva.com/security/advisories?name=MDVSA-2014:026
http://www.openldap.org/its/index.cgi/Incoming?id=7723
http://www.openwall.com/lists/oss-security/2013/10/19/3
http://www.securityfocus.com/bid/63190
http://www.securitytracker.com/id/1029711
https://bugzilla.redhat.com/show_bug.cgi?id=1019490