
CVE-2022-29155

Published: 4 May 2022

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: openldap (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (2.4.45+dfsg-1ubuntu1.11)
focal       Released (2.4.49+dfsg-2ubuntu1.9)
impish      Released (2.5.6+dfsg-1~exp1ubuntu1.1)
jammy       Released (2.5.11+dfsg-1~exp1ubuntu3.1)
trusty      Released (2.4.31-1+nmu2ubuntu8.5+esm5)
upstream    Released (2.5.12+dfsg-1)
xenial      Released (2.4.42+dfsg-2ubuntu3.13+esm1)