CVE-2015-1545

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
openldapopenldap
2.4.13
openldapopenldap
2.4.14
openldapopenldap
2.4.15
openldapopenldap
2.4.16
openldapopenldap
2.4.17
openldapopenldap
2.4.18
openldapopenldap
2.4.19
openldapopenldap
2.4.20
openldapopenldap
2.4.21
openldapopenldap
2.4.22
openldapopenldap
2.4.23
openldapopenldap
2.4.24
openldapopenldap
2.4.25
openldapopenldap
2.4.26
openldapopenldap
2.4.27
openldapopenldap
2.4.28
openldapopenldap
2.4.29
openldapopenldap
2.4.30
openldapopenldap
2.4.31
openldapopenldap
2.4.32
openldapopenldap
2.4.33
openldapopenldap
2.4.34
openldapopenldap
2.4.35
openldapopenldap
2.4.36
openldapopenldap
2.4.37
openldapopenldap
2.4.38
openldapopenldap
2.4.39
openldapopenldap
2.4.40
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openldap
bullseye (security)
2.4.57+dfsg-3+deb11u1
fixed
bullseye
2.4.57+dfsg-3+deb11u1
fixed
wheezy
no-dsa
squeeze
no-dsa
bookworm
2.5.13+dfsg-5
fixed
sid
2.5.18+dfsg-3
fixed
trixie
2.5.18+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openldap
vivid
Fixed 2.4.31-1+nmu2ubuntu12.1
released
utopic
Fixed 2.4.31-1+nmu2ubuntu11.1
released
trusty
Fixed 2.4.31-1+nmu2ubuntu8.1
released
precise
Fixed 2.4.28-1.1ubuntu4.5
released
lucid
ignored
References