|Bugzilla:||1019490: CVE-2013-4449 openldap: segfault on certain queries with rwm overlay|
The MITRE CVE dictionary describes this issue as:
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 5 (openldap)||RHSA-2014:0206||February 24, 2014|
|Red Hat Enterprise Linux version 6 (openldap)||RHSA-2014:0126||February 03, 2014|
Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue.
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.