Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 04:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2011-10-27 20:55
Updated : 2023-12-10 11:03
NVD link : CVE-2011-4079
Mitre link : CVE-2011-4079
CVE.ORG link : CVE-2011-4079
JSON object : View
Products Affected
openldap
- openldap
CWE
CWE-189
Numeric Errors