CVE-2013-4449
Published: Feb 5, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://www.openldap.org/its/index.cgi/Incoming?id=7723
x_refsource_CONFIRM
MDVSA-2014:026
vendor-advisory
x_refsource_MANDRIVA
https://bugzilla.redhat.com/show_bug.cgi?id=1019490
x_refsource_CONFIRM
DSA-3209
vendor-advisory
x_refsource_DEBIAN
RHSA-2014:0126
vendor-advisory
x_refsource_REDHAT
[oss-security] 20131018 Re: CVE request: slapd segfaults on certain queries with rwm overlay enabled
mailing-list
x_refsource_MLIST
RHSA-2014:0206
vendor-advisory
x_refsource_REDHAT
63190
vdb-entry
x_refsource_BID
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
1029711
vdb-entry
x_refsource_SECTRACK
20140401 Cisco Unified Communications Manager Denial of Service Vulnerability
vendor-advisory
x_refsource_CISCO
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
x_refsource_CONFIRM
https://support.apple.com/kb/HT210788
x_refsource_CONFIRM
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
mailing-list
x_refsource_BUGTRAQ
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
mailing-list
x_refsource_FULLDISC