CVE-2015-1545

Severity

50%

Complexity

99%

Confidentiality

48%

CWE-476: NULL Pointer Dereference

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.

CWE-476: NULL Pointer Dereference

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

OpenLDAP

First reported 10 years ago

2015-02-12 16:59:00

Last updated 7 years ago

2017-09-08 01:29:00

Affected Software

OpenLDAP 2.4.13

2.4.13

OpenLDAP 2.4.14

2.4.14

OpenLDAP 2.4.15

2.4.15

OpenLDAP 2.4.16

2.4.16

OpenLDAP 2.4.17

2.4.17

OpenLDAP 2.4.18

2.4.18

OpenLDAP 2.4.19

2.4.19

OpenLDAP 2.4.20

2.4.20

OpenLDAP 2.4.21

2.4.21

OpenLDAP 2.4.22

2.4.22

OpenLDAP 2.4.23

2.4.23

OpenLDAP 2.4.24

2.4.24

OpenLDAP 2.4.25

2.4.25

OpenLDAP 2.4.26

2.4.26

OpenLDAP 2.4.27

2.4.27

OpenLDAP 2.4.28

2.4.28

OpenLDAP 2.4.29

2.4.29

OpenLDAP 2.4.30

2.4.30

OpenLDAP OpenLDAP 2.4.31

2.4.31

OpenLDAP OpenLDAP 2.4.32

2.4.32

OpenLDAP OpenLDAP 2.4.33

2.4.33

OpenLDAP OpenLDAP 2.4.34

2.4.34

OpenLDAP OpenLDAP 2.4.35

2.4.35

OpenLDAP OpenLDAP 2.4.36

2.4.36

OpenLDAP OpenLDAP 2.4.37

2.4.37

OpenLDAP OpenLDAP 2.4.38

2.4.38

OpenLDAP OpenLDAP 2.4.39

2.4.39

OpenLDAP OpenLDAP 2.4.40

2.4.40

References

APPLE-SA-2015-04-08-2

openSUSE-SU-2015:1325

20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra

62787

DSA-3209

MDVSA-2015:073

MDVSA-2015:074

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c

http://www.openldap.org/its/?findid=8027

Exploit, Vendor Advisory

[oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

72519

1032399

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988

openldap-cve20151545-dos(100937)

20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra

https://support.apple.com/HT204659

https://support.apple.com/kb/HT210788

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.