
OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability

Last Update Date: 28 Oct 2011 14:59
Release Date: 28 Oct 2011

RISK: Medium Risk

TYPE: Servers - Other Servers

A vulnerability has been identified in OpenLDAP, which can be exploited by malicious users to cause a Denial of Service.

The vulnerability is caused by an off-by-one error in the "UTF8StringNormalize()" function when NUL-terminating a string. This can be exploited to crash the daemon, for example via an empty "postalAddressAttribute" value.
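The off-by-one pattern described above, reduced to a minimal added example (this is not OpenLDAP's code and does not come from the advisory): a normalizer whose output buffer is sized without room for the terminating NUL. The function names and the space-collapsing rule are assumptions chosen for illustration; every write is bounds-checked, so the undersized buffer is reported instead of overflowed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Illustrative sketch only: NOT OpenLDAP's UTF8StringNormalize(). */

/* Flawed sizing: room for the payload bytes but not the terminator. */
static size_t size_without_nul(size_t in_len) { return in_len; }

/* Correct sizing: payload plus one byte for the terminating NUL. */
static size_t size_with_nul(size_t in_len) { return in_len + 1; }

/* Collapse runs of spaces and trim both ends, NUL-terminating the result.
 * Every write, terminator included, is checked against cap.
 * Returns the normalized length, or -1 if a write would be out of bounds. */
static long normalize_spaces(const char *in, size_t in_len, char *out, size_t cap)
{
    size_t n = 0;
    int pending = 0;
    for (size_t i = 0; i < in_len; i++) {
        if (in[i] == ' ') {
            pending = (n > 0);          /* leading spaces are dropped */
            continue;
        }
        if (pending) {
            if (n >= cap) return -1;
            out[n++] = ' ';
            pending = 0;
        }
        if (n >= cap) return -1;
        out[n++] = in[i];
    }
    if (n >= cap) return -1;            /* terminator needs index n < cap */
    out[n] = '\0';
    return (long)n;
}

/* Normalize into a buffer sized by `sizer`; -1 means the size was too small
 * (or allocation failed). */
static long normalize_with(size_t (*sizer)(size_t), const char *in, size_t in_len)
{
    size_t cap = sizer(in_len);
    char *buf = malloc(cap ? cap : 1);  /* avoid malloc(0); cap still governs writes */
    if (!buf) return -1;
    long n = normalize_spaces(in, in_len, buf, cap);
    free(buf);
    return n;
}

int main(void) {
    printf("empty value, flawed sizing:  %ld\n", normalize_with(size_without_nul, "", 0));
    printf("empty value, correct sizing: %ld\n", normalize_with(size_with_nul, "", 0));
    return 0;
}
```

With the flawed sizing, an input that shrinks during normalization still fits, which is how this kind of bug survives ordinary testing; an empty value leaves no slack, so the terminator is the byte that falls outside the buffer.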


Impact

  • Denial of Service

System / Technologies affected

  • OpenLDAP 2.4.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link