CVE-2011-4079

EPSS 6.8%

Published: 10/27/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2011-4079

Description

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.

Affected packages (1)

Debian/openldapfrom 0, < 2.4.28-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-4079