CVE-2011-4079

EUVD-2011-4030
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:S/C:N/I:N/A:P |
EPSS Score
Percentile: 91%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| openldap | openldap | 𝑥 ≤ 2.4.26 |
| openldap | openldap | 1.0 |
| openldap | openldap | 1.0.1 |
| openldap | openldap | 1.0.2 |
| openldap | openldap | 1.0.3 |
| openldap | openldap | 1.1 |
| openldap | openldap | 1.1.0 |
| openldap | openldap | 1.1.1 |
| openldap | openldap | 1.1.2 |
| openldap | openldap | 1.1.3 |
| openldap | openldap | 1.1.4 |
| openldap | openldap | 1.2 |
| openldap | openldap | 1.2.0 |
| openldap | openldap | 1.2.1 |
| openldap | openldap | 1.2.2 |
| openldap | openldap | 1.2.3 |
| openldap | openldap | 1.2.4 |
| openldap | openldap | 1.2.5 |
| openldap | openldap | 1.2.6 |
| openldap | openldap | 1.2.7 |
| openldap | openldap | 1.2.8 |
| openldap | openldap | 1.2.9 |
| openldap | openldap | 1.2.10 |
| openldap | openldap | 1.2.11 |
| openldap | openldap | 1.2.12 |
| openldap | openldap | 1.2.13 |
| openldap | openldap | 2.0 |
| openldap | openldap | 2.0.0 |
| openldap | openldap | 2.0.1 |
| openldap | openldap | 2.0.2 |
| openldap | openldap | 2.0.3 |
| openldap | openldap | 2.0.4 |
| openldap | openldap | 2.0.5 |
| openldap | openldap | 2.0.6 |
| openldap | openldap | 2.0.7 |
| openldap | openldap | 2.0.8 |
| openldap | openldap | 2.0.9 |
| openldap | openldap | 2.0.10 |
| openldap | openldap | 2.0.11 |
| openldap | openldap | 2.0.11_9:_9 |
| openldap | openldap | 2.0.11_11:_11 |
| openldap | openldap | 2.0.11_11s:_11s |
| openldap | openldap | 2.0.12 |
| openldap | openldap | 2.0.13 |
| openldap | openldap | 2.0.14 |
| openldap | openldap | 2.0.15 |
| openldap | openldap | 2.0.16 |
| openldap | openldap | 2.0.17 |
| openldap | openldap | 2.0.18 |
| openldap | openldap | 2.0.19 |
| openldap | openldap | 2.0.20 |
| openldap | openldap | 2.0.21 |
| openldap | openldap | 2.0.22 |
| openldap | openldap | 2.0.23 |
| openldap | openldap | 2.0.24 |
| openldap | openldap | 2.0.25 |
| openldap | openldap | 2.0.26 |
| openldap | openldap | 2.0.27 |
| openldap | openldap | 2.1.2 |
| openldap | openldap | 2.1.3 |
| openldap | openldap | 2.1.4 |
| openldap | openldap | 2.1.5 |
| openldap | openldap | 2.1.6 |
| openldap | openldap | 2.1.7 |
| openldap | openldap | 2.1.8 |
| openldap | openldap | 2.1.9 |
| openldap | openldap | 2.1.10 |
| openldap | openldap | 2.1.11 |
| openldap | openldap | 2.1.12 |
| openldap | openldap | 2.1.13 |
| openldap | openldap | 2.1.14 |
| openldap | openldap | 2.1.15 |
| openldap | openldap | 2.1.16 |
| openldap | openldap | 2.1.17 |
| openldap | openldap | 2.1.18 |
| openldap | openldap | 2.1.19 |
| openldap | openldap | 2.1.20 |
| openldap | openldap | 2.1.21 |
| openldap | openldap | 2.1.22 |
| openldap | openldap | 2.1.23 |
| openldap | openldap | 2.1.24 |
| openldap | openldap | 2.1.25 |
| openldap | openldap | 2.1.26 |
| openldap | openldap | 2.1.27 |
| openldap | openldap | 2.1.28 |
| openldap | openldap | 2.1.29 |
| openldap | openldap | 2.1.30 |
| openldap | openldap | 2.1_.20:_.20 |
| openldap | openldap | 2.2.0 |
| openldap | openldap | 2.2.1 |
| openldap | openldap | 2.2.4 |
| openldap | openldap | 2.2.5 |
| openldap | openldap | 2.2.6 |
| openldap | openldap | 2.2.7 |
| openldap | openldap | 2.2.8 |
| openldap | openldap | 2.2.9 |
| openldap | openldap | 2.2.10 |
| openldap | openldap | 2.2.11 |
| openldap | openldap | 2.2.12 |
| openldap | openldap | 2.2.13 |
| openldap | openldap | 2.2.14 |
| openldap | openldap | 2.2.15 |
| openldap | openldap | 2.2.16 |
| openldap | openldap | 2.2.17 |
| openldap | openldap | 2.2.18 |
| openldap | openldap | 2.2.19 |
| openldap | openldap | 2.2.20 |
| openldap | openldap | 2.2.21 |
| openldap | openldap | 2.2.22 |
| openldap | openldap | 2.2.23 |
| openldap | openldap | 2.2.24 |
| openldap | openldap | 2.2.25 |
| openldap | openldap | 2.2.26 |
| openldap | openldap | 2.2.27 |
| openldap | openldap | 2.3.4 |
| openldap | openldap | 2.3.5 |
| openldap | openldap | 2.3.6 |
| openldap | openldap | 2.3.7 |
| openldap | openldap | 2.3.8 |
| openldap | openldap | 2.3.9 |
| openldap | openldap | 2.3.10 |
| openldap | openldap | 2.3.11 |
| openldap | openldap | 2.3.12 |
| openldap | openldap | 2.3.13 |
| openldap | openldap | 2.3.14 |
| openldap | openldap | 2.3.15 |
| openldap | openldap | 2.3.16 |
| openldap | openldap | 2.3.17 |
| openldap | openldap | 2.3.18 |
| openldap | openldap | 2.3.19 |
| openldap | openldap | 2.3.20 |
| openldap | openldap | 2.3.21 |
| openldap | openldap | 2.3.22 |
| openldap | openldap | 2.3.23 |
| openldap | openldap | 2.3.24 |
| openldap | openldap | 2.3.25 |
| openldap | openldap | 2.3.26 |
| openldap | openldap | 2.3.27 |
| openldap | openldap | 2.3.28 |
| openldap | openldap | 2.3.29 |
| openldap | openldap | 2.3.30 |
| openldap | openldap | 2.3.31 |
| openldap | openldap | 2.3.32 |
| openldap | openldap | 2.3.33 |
| openldap | openldap | 2.3.34 |
| openldap | openldap | 2.3.35 |
| openldap | openldap | 2.3.36 |
| openldap | openldap | 2.3.37 |
| openldap | openldap | 2.3.38 |
| openldap | openldap | 2.3.39 |
| openldap | openldap | 2.3.40 |
| openldap | openldap | 2.3.41 |
| openldap | openldap | 2.3.42 |
| openldap | openldap | 2.3.43 |
| openldap | openldap | 2.4.3 |
| openldap | openldap | 2.4.6 |
| openldap | openldap | 2.4.7 |
| openldap | openldap | 2.4.8 |
| openldap | openldap | 2.4.9 |
| openldap | openldap | 2.4.10 |
| openldap | openldap | 2.4.11 |
| openldap | openldap | 2.4.12 |
| openldap | openldap | 2.4.13 |
| openldap | openldap | 2.4.14 |
| openldap | openldap | 2.4.15 |
| openldap | openldap | 2.4.16 |
| openldap | openldap | 2.4.17 |
| openldap | openldap | 2.4.18 |
| openldap | openldap | 2.4.19 |
| openldap | openldap | 2.4.20 |
| openldap | openldap | 2.4.21 |
| openldap | openldap | 2.4.22 |
| openldap | openldap | 2.4.23 |
| openldap | openldap | 2.4.24 |
| openldap | openldap | 2.4.25 |

𝑥 = Vulnerable software versions
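Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| openldap | bookworm | 2.5.13+dfsg-5 | fixed |
| openldap | bullseye | 2.4.57+dfsg-3+deb11u1 | fixed |
| openldap | bullseye (security) | 2.4.57+dfsg-3+deb11u1 | fixed |
| openldap | sid | 2.5.18+dfsg-3 | fixed |
| openldap | trixie | 2.5.18+dfsg-3 | fixed |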
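Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| openldap | hardy | | dne |
| openldap | lucid | Fixed 2.4.21-0ubuntu5.6 | released |
| openldap | maverick | Fixed 2.4.23-0ubuntu3.7 | released |
| openldap | natty | Fixed 2.4.23-6ubuntu6.1 | released |
| openldap | oneiric | Fixed 2.4.25-1.1ubuntu4.1 | released |
| openldap2.3 | hardy | | not-affected |
| openldap2.3 | lucid | | dne |
| openldap2.3 | maverick | | dne |
| openldap2.3 | natty | | dne |
| openldap2.3 | oneiric | | dne |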
Common Weakness Enumeration