CVE-2011-4079

Priority
Description
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and
earlier allows remote attackers to cause a denial of service (slapd crash)
via a zero-length string that triggers a heap-based buffer overflow, as
demonstrated using an empty postalAddressAttribute value in an LDIF entry.
Assigned-to
jdstrand
Notes
tyhicksPer Red Hat, this may not be exploitable due to properties of the
memory allocator.
jdstrandpatch requires http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=d0dd8616f1c68a868afeb8c2c5c09969e366e2c0
while bug exists since 2003, postalAddressValidate() is only
function that could pass a 0-length string, and this is not present in
8.04 LTS.
while RedHat claims heap implementation makes this not exploitable,
will patch Ubuntu 10.04 and higher just in case the evaluation is incorrect.
Package
Upstream:needed
More Information

Updated: 2020-03-18 22:07:45 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)