CVE-2015-1545

Published: 12 February 2015

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.

Priority

Low

Status

Package: openldap (Launchpad, Ubuntu, Debian)

Release                          Status
Upstream                         Released (2.4.40-4)
Ubuntu 14.04 ESM (Trusty Tahr)   Released (2.4.31-1+nmu2ubuntu8.1)

Patches:
Upstream: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5