CVE-2015-1545
Published: 12 February 2015
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
Priority
Status
Package | Release | Status |
---|---|---|
openldap Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(2.4.28-1.1ubuntu4.5)
|
|
trusty |
Released
(2.4.31-1+nmu2ubuntu8.1)
|
|
upstream |
Released
(2.4.40-4)
|
|
utopic |
Released
(2.4.31-1+nmu2ubuntu11.1)
|
|
vivid |
Released
(2.4.31-1+nmu2ubuntu12.1)
|
|
Patches: upstream: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5 |