CVE-2015-1545
Published Feb 12, 2015
Last updated a year ago
Overview
- Description
- The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- CWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html)
Vendor comments
- openldap.org: Note that the deref overlay is not enabled by default, so this vulnerability only affects sites that have explicitly configured their servers to load and enable the overlay. Since this overlay has never been documented, there are no sites outside of the OpenLDAP developer community with a legitimate reason to enable this module.
Configurations