CVE-2011-4079
EPSS 6.8%
描述
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.
如何修補 CVE-2011-4079
要修補 CVE-2011-4079,請將受影響套件升級到下列已修補版本。
- Debian/openldap—升級至 2.4.28-1 或更新版本
CVE-2011-4079 正在被利用嗎?
中等 — EPSS 為 6.8%,可持續追蹤但非最高優先。
受影響套件(1)
- from 0, < 2.4.28-1