Vulnerability Details : CVE-2015-1545
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
Vulnerability category: Memory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-1545
Probability of exploitation activity in the next 30 days: 96.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-1545
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
Vendor statements for CVE-2015-1545
-
openldap.org 2015-02-25Note that the deref overlay is not enabled by default, so this vulnerability only affects sites that have explicitly configured their servers to load and enable the overlay. Since this overlay has never been documented, there are no sites outside of the OpenLDAP developer community with a legitimate reason to enable this module.
-
https://seclists.org/bugtraq/2019/Dec/23
Bugtraq: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100937
OpenLDAP deref_parseCtrl denial of service CVE-2015-1545 Vulnerability Report
-
http://seclists.org/fulldisclosure/2019/Dec/26
Full Disclosure: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:074
mandriva.com
-
https://support.apple.com/kb/HT210788
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra - Apple Support
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:073
mandriva.com
-
http://www.openwall.com/lists/oss-security/2015/02/07/3
oss-security - Re: CVE request: two OpenLDAP DoS issues
-
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c
OpenLDAP Source Repository - openldap.git/commit
-
http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html
openSUSE-SU-2015:1325-1: moderate: Security update for openldap2
-
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Oracle Solaris Third Party Bulletin - July 2015
-
https://support.apple.com/HT204659
About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004 - Apple Support
-
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988
#776988 - openldap: CVE-2015-1545: crashes on search with deref control and empty attr list - Debian Bug report logs
-
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Apple - Lists.apple.com
-
http://www.securitytracker.com/id/1032399
OpenLDAP Null Pointer Dereference in deref_parseCtrl() Lets Remote Users Deny Service - SecurityTracker
-
http://www.openldap.org/its/?findid=8027
OpenLDAP ITS - Message 8027Exploit;Vendor Advisory
-
http://www.debian.org/security/2015/dsa-3209
Debian -- Security Information -- DSA-3209-1 openldap
-
http://www.securityfocus.com/bid/72519
OpenLDAP slapd Multiple Denial of Service Vulnerabilities
- cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.39:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.40:*:*:*:*:*:*:*