CVE-2012-1164

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
openldapopenldap
𝑥
≤ 2.4.29
openldapopenldap
2.4.6
openldapopenldap
2.4.7
openldapopenldap
2.4.8
openldapopenldap
2.4.9
openldapopenldap
2.4.10
openldapopenldap
2.4.11
openldapopenldap
2.4.12
openldapopenldap
2.4.13
openldapopenldap
2.4.14
openldapopenldap
2.4.15
openldapopenldap
2.4.16
openldapopenldap
2.4.17
openldapopenldap
2.4.18
openldapopenldap
2.4.19
openldapopenldap
2.4.20
openldapopenldap
2.4.21
openldapopenldap
2.4.22
openldapopenldap
2.4.23
openldapopenldap
2.4.24
openldapopenldap
2.4.25
openldapopenldap
2.4.26
openldapopenldap
2.4.27
openldapopenldap
2.4.28
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openldap
bullseye (security)
2.4.57+dfsg-3+deb11u1
fixed
bullseye
2.4.57+dfsg-3+deb11u1
fixed
squeeze
no-dsa
bookworm
2.5.13+dfsg-5
fixed
sid
2.5.18+dfsg-3
fixed
trixie
2.5.18+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openldap
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
Fixed 2.4.28-1.1ubuntu4.5
released
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2012-0899.html
http://seclists.org/fulldisclosure/2019/Dec/26
http://secunia.com/advisories/48372
http://secunia.com/advisories/49607
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:130
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7143
http://www.openldap.org/software/release/changes.html
http://www.securityfocus.com/bid/52404
https://seclists.org/bugtraq/2019/Dec/23
https://support.apple.com/kb/HT210788
http://rhn.redhat.com/errata/RHSA-2012-0899.html
http://seclists.org/fulldisclosure/2019/Dec/26
http://secunia.com/advisories/48372
http://secunia.com/advisories/49607
http://security.gentoo.org/glsa/glsa-201406-36.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:130
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7143
http://www.openldap.org/software/release/changes.html
http://www.securityfocus.com/bid/52404
https://seclists.org/bugtraq/2019/Dec/23
https://support.apple.com/kb/HT210788