The get_user_grouplist function in the extdom plug-in in FreeIPA prior to 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote malicious users to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freeipa freeipa |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 21 |