CVE-2012-1164
OpenLDAP < 2.4.30 - Denial of Service via LDAP Search Query with attrsOnly
Title source: llmDescription
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
References (11)
Core 11
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:130
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49607
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-36.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48372
Vendor Advisory x_refsource_confirm
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7143
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0899.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52404
Release Notes x_refsource_confirm
http://www.openldap.org/software/release/changes.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT210788
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Dec/23
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Dec/26
Scores
EPSS
0.0369
EPSS Percentile
88.4%
Details
CWE
CWE-119
Status
published
Products (24)
openldap/openldap
2.4.6
openldap/openldap
2.4.7
openldap/openldap
2.4.8
openldap/openldap
2.4.9
openldap/openldap
2.4.10
openldap/openldap
2.4.11
openldap/openldap
2.4.12
openldap/openldap
2.4.13
openldap/openldap
2.4.14
openldap/openldap
2.4.15
... and 14 more
Published
Jun 29, 2012
Tracked Since
Feb 18, 2026