Openldap: >> Openldap >> 2.3.38 Security Vulnerabilities
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.
CVSS Score
4.0
EPSS Score
0.068
Published
2011-10-27
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
CVSS Score
5.0
EPSS Score
0.508
Published
2008-07-01