- EPSS 13.17%
- Veröffentlicht 01.07.2008 21:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:48
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
- EPSS 3.05%
- Veröffentlicht 13.02.2008 21:00:00
- Zuletzt bearbeitet 16.06.2026 22:50:04
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
- EPSS 2.04%
- Veröffentlicht 01.02.2008 22:00:00
- Zuletzt bearbeitet 16.06.2026 22:48:35
The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerabilit...
CVE-2007-5707
- EPSS 3.65%
- Veröffentlicht 30.10.2007 19:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:40
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.
CVE-2007-5708
- EPSS 2.62%
- Veröffentlicht 30.10.2007 19:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:40
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers ...
CVE-2006-6493
- EPSS 9.19%
- Veröffentlicht 13.12.2006 00:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:13
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind r...
CVE-2006-5779
- EPSS 75.37%
- Veröffentlicht 07.11.2006 18:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:51
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
CVE-2006-4600
- EPSS 2.66%
- Veröffentlicht 07.09.2006 00:04:00
- Zuletzt bearbeitet 16.06.2026 22:29:25
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
- EPSS 4.49%
- Veröffentlicht 01.06.2006 17:02:00
- Zuletzt bearbeitet 16.06.2026 22:25:41
Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.
CVE-2005-4442
- EPSS 0.46%
- Veröffentlicht 21.12.2005 02:03:00
- Zuletzt bearbeitet 16.06.2026 22:18:48
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.