4.3

CVE-2013-4449

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
OpenldapOpenldap Version <= 2.4.36
OpenldapOpenldap Version2.4.6
OpenldapOpenldap Version2.4.7
OpenldapOpenldap Version2.4.8
OpenldapOpenldap Version2.4.9
OpenldapOpenldap Version2.4.10
OpenldapOpenldap Version2.4.11
OpenldapOpenldap Version2.4.12
OpenldapOpenldap Version2.4.13
OpenldapOpenldap Version2.4.14
OpenldapOpenldap Version2.4.15
OpenldapOpenldap Version2.4.16
OpenldapOpenldap Version2.4.17
OpenldapOpenldap Version2.4.18
OpenldapOpenldap Version2.4.19
OpenldapOpenldap Version2.4.20
OpenldapOpenldap Version2.4.21
OpenldapOpenldap Version2.4.22
OpenldapOpenldap Version2.4.23
OpenldapOpenldap Version2.4.24
OpenldapOpenldap Version2.4.25
OpenldapOpenldap Version2.4.26
OpenldapOpenldap Version2.4.27
OpenldapOpenldap Version2.4.28
OpenldapOpenldap Version2.4.29
OpenldapOpenldap Version2.4.30
OpenldapOpenldap Version2.4.31
OpenldapOpenldap Version2.4.32
OpenldapOpenldap Version2.4.33
OpenldapOpenldap Version2.4.34
OpenldapOpenldap Version2.4.35
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 68.75% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P