CVE-2015-6908

Priority
Description
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and
earlier allows remote attackers to cause a denial of service (reachable
assertion and application crash) via crafted BER data, as demonstrated by
an attack against slapd.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.4.42+dfsg-2)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.4.31-1+nmu2ubuntu8.2)
Patches:
Upstream:http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
More Information

Updated: 2019-12-05 18:42:47 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)