Vulnerability Details : CVE-2012-1164
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2012-1164
- cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
Threat overview for CVE-2012-1164
Top countries where our scanners detected CVE-2012-1164
Top open port discovered on systems with this issue
389
IPs affected by CVE-2012-1164 848
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-1164!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-1164
15.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1164
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.6
|
LOW | AV:N/AC:H/Au:N/C:N/I:N/A:P |
4.9
|
2.9
|
NIST |
CWE ids for CVE-2012-1164
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1164
-
https://seclists.org/bugtraq/2019/Dec/23
Bugtraq: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
-
http://seclists.org/fulldisclosure/2019/Dec/26
Full Disclosure: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
-
http://security.gentoo.org/glsa/glsa-201406-36.xml
OpenLDAP: Multiple vulnerabilities (GLSA 201406-36) — Gentoo security
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:130
mandriva.com
-
https://support.apple.com/kb/HT210788
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support
-
http://www.securityfocus.com/bid/52404
OpenLDAP LDAP Search Request Remote Denial of Service Vulnerability
-
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7143
OpenLDAP ITS - Software Bugs/7143Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2012-0899.html
RHSA-2012:0899 - Security Advisory - Red Hat Customer Portal
-
http://www.openldap.org/software/release/changes.html
OpenLDAP, 2.4.48 Release Changes
Jump to