OpenLDAP 2.5.0 Alpha

CPE Details

OpenLDAP 2.5.0 Alpha
openldap
openldap
2.5.0
2021-02-18
13h58 +00:00
2021-02-18
13h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openldap:openldap:2.5.0:alpha:*:*:*:*:*:*

Informations

Vendor

openldap

Product

openldap

Version

2.5.0

Update

alpha

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-29155 2022-05-04 17h06 +00:00 In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
9.8
Critical
CVE-2021-27212 2021-02-14 01h53 +00:00 In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
7.5
High
CVE-2005-2069 2005-06-29 02h00 +00:00 pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.