2011-10-27 22:55:01 2017-08-29 03:30:27

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Openldap Openldap 2.3.25 (not an official CPE)
Openldap Openldap 2.3.26 (not an official CPE)
Openldap Openldap 2.3.9 (not an official CPE)
Openldap Openldap 2.0.19 (not an official CPE)
Openldap Openldap 2.2.10 (not an official CPE)
Openldap Openldap 2.1.7 (not an official CPE)
Openldap Openldap 2.2.11 (not an official CPE)
Openldap Openldap 2.1.8 (not an official CPE)
Openldap Openldap 2.2.12 (not an official CPE)
Openldap Openldap 2.2.17 (not an official CPE)
Openldap Openldap 1.2.13 (not an official CPE)
Openldap Openldap 2.2.18 (not an official CPE)
Openldap Openldap 2.1.2 (not an official CPE)
Openldap Openldap 1.2.12 (not an official CPE)
Openldap Openldap 2.2.15 (not an official CPE)
Openldap Openldap 2.2.16 (not an official CPE)
Openldap Openldap 2.1.5 (not an official CPE)
Openldap Openldap 2.1.6 (not an official CPE)
Openldap Openldap 2.2.24 (not an official CPE)
Openldap Openldap 2.2.25 (not an official CPE)
Openldap Openldap 1.0.3 (not an official CPE)
Openldap Openldap 2.2.20 (not an official CPE)
Openldap Openldap 2.2.21 (not an official CPE)
Openldap Openldap 2.2.22 (not an official CPE)
Openldap Openldap 2.2.23 (not an official CPE)
Openldap Openldap 1.0.1 (not an official CPE)
Openldap Openldap 1.0.2 (not an official CPE)
Openldap Openldap 2.2.26 (not an official CPE)
Openldap Openldap 2.2.27 (not an official CPE)
Openldap Openldap 2.2.19 (not an official CPE)
Openldap Openldap 2.2.8 (not an official CPE)
Openldap Openldap 2.2.9 (not an official CPE)
Openldap Openldap 2.1.3 (not an official CPE)
Openldap Openldap 1.2.11 (not an official CPE)
Openldap Openldap 2.1.4 (not an official CPE)
Openldap Openldap 1.2.10 (not an official CPE)
Openldap Openldap 2.0.12 (not an official CPE)
Openldap Openldap 2.0.11 (not an official CPE)
Openldap Openldap 2.0.11 11s (not an official CPE)
Openldap Openldap 2.0.0 (not an official CPE)
Openldap Openldap 2.3.40 (not an official CPE)
Openldap Openldap 2.0.1 (not an official CPE)
OpenLDAP 2.4.17
Openldap Openldap 2.1.20 (not an official CPE)
OpenLDAP 2.4.18
OpenLDAP 2.4.19
OpenLDAP 2.4.13
OpenLDAP 2.4.14
Openldap Openldap 2.0.11 11 (not an official CPE)
Openldap Openldap 2.0.8 (not an official CPE)
Openldap Openldap 2.1.22 (not an official CPE)
Openldap Openldap 2.0.9 (not an official CPE)
Openldap Openldap 2.1.21 (not an official CPE)
Openldap Openldap 2.3.41 (not an official CPE)
Openldap Openldap 2.1.28 (not an official CPE)
Openldap Openldap 2.0.2 (not an official CPE)
OpenLDAP 2.4.10
Openldap Openldap 2.3.42 (not an official CPE)
Openldap Openldap 2.0.3 (not an official CPE)
Openldap Openldap 2.1.27 (not an official CPE)
OpenLDAP 2.4.11
Openldap Openldap 2.3.43 (not an official CPE)
Openldap Openldap 2.1.26 (not an official CPE)
OpenLDAP 2.4.12
Openldap Openldap 2.1.25 (not an official CPE)
Openldap Openldap 2.0.6 (not an official CPE)
Openldap Openldap 2.4.3 (not an official CPE)
Openldap Openldap 2.0.7 (not an official CPE)
Openldap Openldap 2.1.19 (not an official CPE)
Openldap Openldap 2.1.18 (not an official CPE)
OpenLDAP 2.4.26
Openldap Openldap 1.2.9 (not an official CPE)
Openldap Openldap 1.1.4 (not an official CPE)
Openldap Openldap 1.1.2 (not an official CPE)
Openldap Openldap 1.1.3 (not an official CPE)
Openldap Openldap 2.1.30 (not an official CPE)
OpenLDAP 2.4.24
OpenLDAP 2.4.25
OpenLDAP 2.4.20
Openldap Openldap 1.1.0 (not an official CPE)
OpenLDAP 2.4.21
Openldap Openldap 1.1.1 (not an official CPE)
OpenLDAP 2.4.22
OpenLDAP 2.4.23
Openldap Openldap 2.1.29 (not an official CPE)
Openldap Openldap 2.1.9 (not an official CPE)
Openldap Openldap 2.0.4 (not an official CPE)
Openldap Openldap 2.0.5 (not an official CPE)
Openldap Openldap 2.2.13 (not an official CPE)
Openldap Openldap 2.2.14 (not an official CPE)
Openldap Openldap 2.3.27 (not an official CPE)
Openldap Openldap 2.3.28 (not an official CPE)
Openldap Openldap 2.3.29 (not an official CPE)
Openldap Openldap 2.3.23 (not an official CPE)
Openldap Openldap 2.3.24 (not an official CPE)
Openldap Openldap 2.3.5 (not an official CPE)
Openldap Openldap 2.3.6 (not an official CPE)
Openldap Openldap 2.3.20 (not an official CPE)
Openldap Openldap 2.3.21 (not an official CPE)
Openldap Openldap 2.3.22 (not an official CPE)
Openldap Openldap 2.3.4 (not an official CPE)
Openldap Openldap 1.1 (not an official CPE)
Openldap Openldap 2.0.11 9 (not an official CPE)
Openldap Openldap 1.2 (not an official CPE)
Openldap Openldap 2.1.13 (not an official CPE)
Openldap Openldap 2.1.12 (not an official CPE)
Openldap Openldap 2.3.36 (not an official CPE)
Openldap Openldap 2.3.37 (not an official CPE)
Openldap Openldap 1.2.3 (not an official CPE)
Openldap Openldap 1.2.4 (not an official CPE)
Openldap Openldap 1.0 (not an official CPE)
Openldap Openldap 1.2.1 (not an official CPE)
Openldap Openldap 1.2.2 (not an official CPE)
Openldap Openldap 2.3.38 (not an official CPE)
Openldap Openldap 1.2.7 (not an official CPE)
Openldap Openldap 2.3.39 (not an official CPE)
Openldap Openldap 1.2.8 (not an official CPE)
Openldap Openldap 1.2.5 (not an official CPE)
Openldap Openldap 1.2.6 (not an official CPE)
Openldap Openldap 2.3.34 (not an official CPE)
Openldap Openldap 2.3.35 (not an official CPE)
Openldap Openldap 2.1.11 (not an official CPE)
Openldap Openldap 2.1.10 (not an official CPE)
Openldap Openldap 2.3.30 (not an official CPE)
Openldap Openldap 2.1.17 (not an official CPE)
Openldap Openldap 2.3.31 (not an official CPE)
Openldap Openldap 2.1.16 (not an official CPE)
Openldap Openldap 1.2.0 (not an official CPE)
Openldap Openldap 2.3.32 (not an official CPE)
Openldap Openldap 2.1.15 (not an official CPE)
Openldap Openldap 2.3.33 (not an official CPE)
Openldap Openldap 2.1.14 (not an official CPE)
OpenLDAP 2.4.6
OpenLDAP 2.4.7
Openldap Openldap 2.1.24 (not an official CPE)
Openldap Openldap 2.1.23 (not an official CPE)
OpenLDAP 2.4.15
OpenLDAP 2.4.16
OpenLDAP 2.4.8
OpenLDAP 2.4.9
Openldap Openldap 2.3.8 (not an official CPE)
Openldap Openldap 2.3.7 (not an official CPE)
Openldap Openldap 2.0.17 (not an official CPE)
Openldap Openldap 2.0.18 (not an official CPE)
Openldap Openldap 2.0.24 (not an official CPE)
Openldap Openldap 2.3.11 (not an official CPE)
Openldap Openldap 2.0.25 (not an official CPE)
Openldap Openldap 2.3.10 (not an official CPE)
Openldap Openldap 2.0.26 (not an official CPE)
Openldap Openldap 2.0.27 (not an official CPE)
Openldap Openldap 2.0.20 (not an official CPE)
Openldap Openldap 2.0.21 (not an official CPE)
Openldap Openldap 2.3.13 (not an official CPE)
Openldap Openldap 2.3.12 (not an official CPE)
Openldap Openldap 2.3.19 (not an official CPE)
Openldap Openldap 2.3.18 (not an official CPE)
Openldap Openldap 2.3.17 (not an official CPE)
Openldap Openldap 2.3.16 (not an official CPE)
Openldap Openldap 2.1 .20 (not an official CPE)
Openldap Openldap 2.0 (not an official CPE)
Openldap Openldap 2.3.15 (not an official CPE)
Openldap Openldap 2.3.14 (not an official CPE)
Openldap Openldap 2.0.22 (not an official CPE)
Openldap Openldap 2.0.23 (not an official CPE)
Openldap Openldap 2.2.5 (not an official CPE)
Openldap Openldap 2.2.4 (not an official CPE)
Openldap Openldap 2.0.13 (not an official CPE)
Openldap Openldap 2.0.14 (not an official CPE)
Openldap Openldap 2.0.15 (not an official CPE)
Openldap Openldap 2.2.1 (not an official CPE)
Openldap Openldap 2.0.16 (not an official CPE)
Openldap Openldap 2.2.0 (not an official CPE)
Openldap Openldap 2.2.7 (not an official CPE)
Openldap Openldap 2.0.10 (not an official CPE)
Openldap Openldap 2.2.6 (not an official CPE)