The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap prior to 1.1.0rc1 does not properly handle LDAP query errors, which allows remote malicious users to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
martin nagy bind-dyndb-ldap 0.2.0 |
||
martin nagy bind-dyndb-ldap 0.1.0 |
||
martin nagy bind-dyndb-ldap 1.1.0 |
||
martin nagy bind-dyndb-ldap 1.0.0 |
||
martin nagy bind-dyndb-ldap |