CVE-2015-1545

Publication date 12 February 2015

Last updated 24 July 2024

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openldap	15.04 vivid	Fixed 2.4.31-1+nmu2ubuntu12.1
	14.10 utopic	Fixed 2.4.31-1+nmu2ubuntu11.1
	14.04 LTS trusty	Fixed 2.4.31-1+nmu2ubuntu8.1
	12.04 LTS precise	Fixed 2.4.28-1.1ubuntu4.5
	10.04 LTS lucid	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openldap	Upstream: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5

References

Related Ubuntu Security Notices (USN)

USN-2622-1
OpenLDAP vulnerabilities
26 May 2015

Other references

https://www.cve.org/CVERecord?id=CVE-2015-1545