CVE-2015-1546 : Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attack

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.

Published 2015-02-12 16:59:07

Updated 2018-10-30 16:27:36

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2015-1546

Probability of exploitation activity in the next 30 days: 2.84%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-1546

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2015-1546

https://exchange.xforce.ibmcloud.com/vulnerabilities/100938

OpenLDAP get_vrFilter denial of service CVE-2015-1546 Vulnerability Report
http://secunia.com/advisories/62787

Sign in
http://www.openwall.com/lists/oss-security/2015/02/07/3

oss-security - Re: CVE request: two OpenLDAP DoS issues

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html

openSUSE-SU-2015:1325-1: moderate: Security update for openldap2

CVEs referencing this url
http://www.openldap.org/its/?findid=8046

OpenLDAP ITS - Message 8046
https://support.apple.com/HT204659

About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004 - Apple Support

CVEs referencing this url
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991

#776991 - openldap: CVE-2015-1546: crash in valueReturnFilter cleanup - Debian Bug report logs
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a

OpenLDAP Source Repository - openldap.git/commit
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Apple - Lists.apple.com

CVEs referencing this url

Products affected by CVE-2015-1546

Apple » Mac Os X » Version: 10.10.2
cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*
Matching versions
Openldap » Openldap » Version: 2.4.40
cpe:2.3:a:openldap:openldap:2.4.40:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-1546

Exploit prediction scoring system (EPSS) score for CVE-2015-1546

CVSS scores for CVE-2015-1546

References for CVE-2015-1546

Products affected by CVE-2015-1546