CVE-2014-8182
HIGHOpenLDAP 2.4 - Denial of Service via DNS SRV Message Processing
Title source: llmDescription
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
References (4)
Core 4
Core References
Patch, Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2014-8182
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2014-8182
Scores
CVSS v3
7.5
EPSS
0.0309
EPSS Percentile
86.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-193
Status
published
Products (4)
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
openldap/openldap
2.4
Published
Jan 02, 2020
Tracked Since
Feb 18, 2026