ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
References
| Link | Resource |
|---|---|
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685 | Broken Link Patch |
| http://secunia.com/advisories/11261 | Broken Link Patch |
| http://secunia.com/advisories/9203 | Broken Link Patch |
| http://security.gentoo.org/glsa/glsa-200403-12.xml | Third Party Advisory |
| http://www.openldap.org/its/index.cgi?findid=2390 | Issue Tracking Patch |
| http://www.osvdb.org/17000 | Broken Link |
| http://www.securityfocus.com/bid/7656 | Broken Link Patch Third Party Advisory VDB Entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/12520 | Third Party Advisory VDB Entry |
Configurations
History
13 Feb 2024, 17:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.1.15:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.1.14:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.1.13:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.1.16:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:* |
cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:* |
| CWE | CWE-824 | |
| References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685 - Broken Link, Patch | |
| References | () http://secunia.com/advisories/11261 - Broken Link, Patch | |
| References | () http://secunia.com/advisories/9203 - Broken Link, Patch | |
| References | () http://security.gentoo.org/glsa/glsa-200403-12.xml - Third Party Advisory | |
| References | () http://www.openldap.org/its/index.cgi?findid=2390 - Issue Tracking, Patch | |
| References | () http://www.osvdb.org/17000 - Broken Link | |
| References | () http://www.securityfocus.com/bid/7656 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/12520 - Third Party Advisory, VDB Entry |
Information
Published : 2003-03-20 05:00
Updated : 2024-02-13 17:43
NVD link : CVE-2003-1201
Mitre link : CVE-2003-1201
CVE.ORG link : CVE-2003-1201
JSON object : View
Products Affected
openldap
- openldap
CWE
CWE-824
Access of Uninitialized Pointer