Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730 Andrew Bartlett discovered a NULL pointer dereference and use-after-free flaw when handling ASQ and VLV LDAP controls and combinations with the LDAP paged_results feature. CVE-2020-27840 Douglas Bagnall discovered a heap corruption flaw via crafted DN strings. CVE-2021-20277 Douglas Bagnall discovered an out-of-bounds read vulnerability in handling LDAP attributes that contains multiple consecutive leading spaces. For the stable distribution (buster), these problems have been fixed in version 2:1.5.1+really1.4.6-3+deb10u1. We recommend that you upgrade your ldb packages. For the detailed security status of ldb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ldb
Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB.
Andrew Bartlett discovered a NULL pointer dereference and
use-after-free flaw when handling ASQ
and VLV
LDAP controls and
combinations with the LDAP paged_results feature.
Douglas Bagnall discovered a heap corruption flaw via crafted DN strings.
Douglas Bagnall discovered an out-of-bounds read vulnerability in handling LDAP attributes that contains multiple consecutive leading spaces.
For the stable distribution (buster), these problems have been fixed in version 2:1.5.1+really1.4.6-3+deb10u1.
We recommend that you upgrade your ldb packages.
For the detailed security status of ldb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ldb