Your submission was sent successfully! Close

CVE-2021-46823

Published: 18 June 2022

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
python-ldap
Launchpad, Ubuntu, Debian
bionic
Released (3.0.0-1ubuntu0.2)
focal
Released (3.2.0-4ubuntu2.1)
impish
Released (3.2.0-4ubuntu5.1)
jammy
Released (3.2.0-4ubuntu7.1)
upstream
Released (3.4.0-1)
Patches:
upstream: https://github.com/python-ldap/python-ldap/pull/444/commits/31dbb4b075b4710e3adac7ac998a02aaeb2c5d3d