CVE-2012-1164

OpenLDAP < 2.4.30 - Denial of Service via LDAP Search Query with attrsOnly

Title source: llm
STIX 2.1

Description

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.

References (11)

Core 11
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:130
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49607
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-36.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48372
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0899.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52404
Release Notes x_refsource_confirm
http://www.openldap.org/software/release/changes.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT210788
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Dec/23
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Dec/26

Scores

EPSS 0.0369
EPSS Percentile 88.4%

Details

CWE
CWE-119
Status published
Products (24)
openldap/openldap 2.4.6
openldap/openldap 2.4.7
openldap/openldap 2.4.8
openldap/openldap 2.4.9
openldap/openldap 2.4.10
openldap/openldap 2.4.11
openldap/openldap 2.4.12
openldap/openldap 2.4.13
openldap/openldap 2.4.14
openldap/openldap 2.4.15
... and 14 more
Published Jun 29, 2012
Tracked Since Feb 18, 2026