OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability
RISK: Medium Risk
TYPE: Servers - Other Servers
A vulnerability has been identified in OpenLDAP, which can be exploited by malicious users to cause a Denial of Service.
The vulnerability is caused by an off-by-one error in the "UTF8StringNormalize()" function when null-terminating a string. It can be exploited to crash the daemon, for example via an empty "postalAddressAttribute" value.
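The class of bug described above, shown from the fix side as an added illustration that is not OpenLDAP's code: a string normalizer that reserves the terminator byte, so that an empty value is handled in bounds. The helper name normalize_spaces(), its whitespace rules and the sample values are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not OpenLDAP code): trims leading/trailing spaces,
 * collapses inner runs of spaces, returns a NUL-terminated heap copy and
 * stores its length in *out_len. Returns NULL on allocation failure. */
char *normalize_spaces(const char *in, size_t in_len, size_t *out_len)
{
    size_t n = 0;
    int pending_space = 0;
    if (in_len == SIZE_MAX)           /* in_len + 1 would wrap to 0 */
        return NULL;
    /* Reserve one byte beyond the payload for the terminator. Allocating only
     * in_len bytes is the off-by-one: buf[n] = '\0' then lands past the end
     * whenever n == in_len, which includes the empty value (in_len == 0). */
    char *buf = malloc(in_len + 1);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < in_len; i++) {
        if (in[i] == ' ') {
            pending_space = (n > 0);  /* leading spaces are dropped */
            continue;
        }
        if (pending_space) {          /* emit one space per inner run */
            buf[n++] = ' ';
            pending_space = 0;
        }
        buf[n++] = in[i];
    }
    buf[n] = '\0';                    /* n <= in_len, so this is in bounds */
    *out_len = n;
    return buf;
}

int main(void)
{
    const char *samples[] = { "", "   ", "  1 Main  St  ", "abc" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n;
        char *r = normalize_spaces(samples[i], strlen(samples[i]), &n);
        if (r == NULL)
            return 1;
        printf("[%s] -> [%s] (%zu)\n", samples[i], r, n);
        free(r);
    }
    return 0;
}
```

Building a routine like this with AddressSanitizer (-fsanitize=address) and feeding it the empty value makes a missing terminator byte show up as an immediate heap-buffer-overflow report instead of a latent crash.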
Impact
- Denial of Service
System / Technologies affected
- OpenLDAP 2.4.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Fixed in the Git repository.
git://git.openldap.org/openldap.git
Vulnerability Identifier
Source
Related Link