CVE-2010-0212

Impact:
Important
Public Date:
2010-07-19
CWE:
CWE-476
Bugzilla:
605452: CVE-2010-0212 openldap: modrdn processing IA5StringNormalize NULL pointer dereference

The MITRE CVE dictionary describes this issue as:

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

Find out more about CVE-2010-0212 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 5
Base Metrics AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (openldap) RHSA-2010:0542 2010-07-20

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 openldap Not affected
Red Hat Enterprise Linux 4 openldap Affected
Red Hat Enterprise Linux 3 openldap Affected

Acknowledgements

Red Hat would like to thank CERT-FI for responsibly reporting this flaw, who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the issue.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.