OpenLDAP 2.4.57

CPE Details

OpenLDAP 2.4.57
openldap
openldap
2.4.57
2021-01-27
13h05 +00:00
2021-01-27
13h05 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openldap:openldap:2.4.57:*:*:*:*:*:*:*

Informations

Vendor

openldap

Product

openldap

Version

2.4.57

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-29155 2022-05-04 17h06 +00:00 In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
9.8
Critical
CVE-2021-27212 2021-02-14 01h53 +00:00 In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
7.5
High
CVE-2015-3276 2015-12-07 19h00 +00:00 The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
7.5
High
CVE-2005-2069 2005-06-29 02h00 +00:00 pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
5