CVE-2011-4079

Priority
Description
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and
earlier allows remote attackers to cause a denial of service (slapd crash)
via a zero-length string that triggers a heap-based buffer overflow, as
demonstrated using an empty postalAddressAttribute value in an LDIF entry.
Notes
 tyhicks> Per Red Hat, this may not be exploitable due to properties of the
 tyhicks> memory allocator.
 jdstrand> patch requires http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=d0dd8616f1c68a868afeb8c2c5c09969e366e2c0
 jdstrand> while bug exists since 2003, postalAddressValidate() is the only
  function that could pass a 0-length string, and this is not present in
  8.04 LTS.
 jdstrand> while Red Hat claims heap implementation makes this not exploitable,
  will patch Ubuntu 10.04 and higher just in case the evaluation is incorrect.
Assigned-to
jdstrand
Package
Upstream:needed

Updated: 2019-03-19 12:01:24 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)