CVE Database

CVE-2013-4449

Impact: Moderate
Public: 2013-10-11
Bugzilla: 1019490: CVE-2013-4449 openldap: segfault on certain queries with rwm overlay

Details

The MITRE CVE dictionary describes this issue as:

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

Find out more about CVE-2013-4449 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 4.3
Base Metrics: AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
Red Hat Enterprise Linux version 5 (openldap) RHSA-2014:0206 February 24, 2014
Red Hat Enterprise Linux version 6 (openldap) RHSA-2014:0126 February 03, 2014

External References

Acknowledgements

Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.