Vulnerability in OpenLDAP
CVE-2010-0212
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference i…
EPSS: 0.669 (98.6th percentile)
Affected products
- OpenLDAP — version 2.4.22
Weakness classification (CWE)
References
- 1024221 (vdb-entry, x_refsource_SECTRACK)
- cret@cert.org (x_refsource_CONFIRM)
- GLSA-201406-36 (vendor-advisory, x_refsource_GENTOO)
- cret@cert.org (x_refsource_CONFIRM, Exploit)
- cret@cert.org (x_refsource_CONFIRM)
- ADV-2010-1858 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- APPLE-SA-2010-11-10-1 (vendor-advisory, x_refsource_APPLE)
- ADV-2010-1849 (Patch, vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- 41770 (Exploit, Patch, vdb-entry, x_refsource_BID)
- RHSA-2010:0542 (x_refsource_REDHAT, vendor-advisory)