Martin Nagy : Security Vulnerabilities, CVEs,
The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
Max CVSS
5.0
EPSS Score
0.99%
Published
2012-08-07
Updated
2017-08-29
The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet character in the base DN in an LDAP search DNS query.
Max CVSS
4.3
EPSS Score
1.22%
Published
2014-02-26
Updated
2014-03-10
2 vulnerabilities found