CVE-2008-2952 in Ubuntu

CVE-2008-2952

Priority

Medium

Description

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a
denial of service (program termination) via crafted ASN.1 BER datagrams
that trigger an assertion error.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952
https://usn.ubuntu.com/usn/usn-634-1

Bugs

https://bugs.launchpad.net/bugs/249878

Assigned-to

kees

Package

Source: openldap (LP Ubuntu Debian)

Upstream:

released (2.4.11)

Patches:

Upstream:

http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.111.2.7&r2=1.111.2.8&hideattic=1&sortbydate=0

Package

Source: openldap2.2 (LP Ubuntu Debian)

Upstream:

needs-triage

Package

Source: openldap2.3 (LP Ubuntu Debian)

Upstream:

needs-triage

Patches:

Upstream:

http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.107.2.7&r2=1.107.2.8&hideattic=1&sortbydate=0

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-15 20:26:25 UTC (commit 13913)