CVE-2015-6908

EPSS 70.5%

openldap - security update

Published: 9/11/2015Modified: 4/28/2026

Description

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Affected packages (3)

Debian/openldapfrom 0, < 2.4.42+dfsg-2
Debian/openldapfrom 0, < 2.4.23-7.3+deb6u2
Debian/openldapfrom 0, < 2.4.31-2+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-6908