Description
An off-by-one error leading to a crash was discovered in OpenLDAP 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
References (4)
Scores
CVSS v3: 7.5
EPSS: 0.0512
EPSS Percentile: 89.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-193
Status: published
Products (4)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
openldap/openldap 2.4
Published: Jan 02, 2020
Tracked Since: Feb 18, 2026