CVE-2015-1545

Published: 12/02/2015 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 up to and including 2.4.40 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.

Vulnerable Product

openldap openldap 2.4.39

openldap openldap 2.4.17

openldap openldap 2.4.37

openldap openldap 2.4.26

openldap openldap 2.4.31

openldap openldap 2.4.40

openldap openldap 2.4.16

openldap openldap 2.4.29

openldap openldap 2.4.32

openldap openldap 2.4.22

openldap openldap 2.4.25

openldap openldap 2.4.20

openldap openldap 2.4.15

openldap openldap 2.4.18

openldap openldap 2.4.27

openldap openldap 2.4.36

openldap openldap 2.4.38

openldap openldap 2.4.28

openldap openldap 2.4.23

openldap openldap 2.4.24

openldap openldap 2.4.34

openldap openldap 2.4.14

openldap openldap 2.4.19

openldap openldap 2.4.21

openldap openldap 2.4.30

openldap openldap 2.4.13

openldap openldap 2.4.35

openldap openldap 2.4.33

Vendor Advisories

OpenLDAP could be made to crash if it received specially crafted network traffic ...
Multiple vulnerabilities were found in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. CVE-2013-4449: Michael Vishchers from Seven Principles AG discovered a denial of service vulnerability in slapd, the directory server implementation. When the server is configured to use the RWM overlay, an attacker ...
Debian Bug report logs - #776988 openldap: CVE-2015-1545: crashes on search with deref control and empty attr list. Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap. Reported by: Ryan Tandy <ryan@nardis.ca ...
Debian Bug report logs - #776991 openldap: CVE-2015-1546: crash in valueReturnFilter cleanup. Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap. Reported by: Ryan Tandy <ryan@nardis.ca> Date: Tue, 3 F ...
Debian Bug report logs - #761406 slapd: CVE-2014-9713: dangerous access rule in default config. Package: slapd; Maintainer for slapd is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Source for slapd is src:openldap. Reported by: Dietrich Clauss <dietrich@clauss-it.com> ...
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra ...