| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-3767 | 4.3 |
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-
|
14-10-2020 - 17:13 | 23-10-2009 - 19:30 | |
| CVE-2010-0212 | 5.0 |
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5St
|
10-10-2018 - 19:51 | 28-07-2010 - 12:48 | |
| CVE-2011-1024 | 4.6 |
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program aut
|
07-01-2017 - 02:59 | 20-03-2011 - 02:00 | |
| CVE-2015-6908 | 5.0 |
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
|
22-12-2016 - 03:00 | 11-09-2015 - 16:59 | |
| CVE-2013-4449 | 4.3 |
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to f
|
08-12-2016 - 03:03 | 05-02-2014 - 18:55 |