ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.00282
Percentile: 0.51196

CVSS Scoring

Mapped CWE(s)

• CWE-824 : Access of Uninitialized Pointer

Affected Products

• cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*

← Back to Home