openldap: NULL pointer dereference (CVE-2015-1545)
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
References:
http://seclists.org/oss-sec/2015/q1/452
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1545
CONFIRM:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c
http://cwe.mitre.org/data/definitions/476.html
(from redmine: issue id 3966, created on 2015-03-09, closed on 2015-03-16)
- Relations:
  - child #3967 (closed)
  - child #3968 (closed)
  - child #3969 (closed)
  - child #3970 (closed)
- Changesets:
  - Revision 4063a9f5 by Natanael Copa on 2015-03-10T12:07:46Z:
    main/openldap: security fix for CVE-2015-1545
    ref #3966
  - Revision b4946d66 by Natanael Copa on 2015-03-10T13:05:45Z:
    main/openldap: security fix for CVE-2015-1545,CVE-2015-1546
    ref #3965
    ref #3966
    fixes #3970
  - Revision 27b14baf by Natanael Copa on 2015-03-10T13:55:52Z:
    main/openldap: security fix for CVE-2015-1545,CVE-2015-1546
    ref #3965
    ref #3966
    fixes #3969
  - Revision ae0ea5cd by Natanael Copa on 2015-03-10T14:46:32Z:
    main/openldap: security fix for CVE-2015-1545,CVE-2015-1546
    ref #3965
    ref #3966
    fixes #3968
  - Revision c35d8ac2 by Natanael Copa on 2015-03-10T14:57:48Z:
    main/openldap: security fix for CVE-2015-1545,CVE-2015-1546
    ref #3965
    ref #3966
    fixes #3967
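
The failure mode in the description at the top of this issue (an empty attribute list reaching code that expects at least one entry), as an added C sketch that is not OpenLDAP's code or its patch. `struct deref_spec`, both parsers, `first_attr` and the error codes are hypothetical names, and the sample input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of one parsed deref spec (hypothetical, not OpenLDAP's). */
struct deref_spec {
    const char  *deref_attr;
    const char **attrs;    /* stays NULL when no attribute was copied */
    size_t       nattrs;
};
enum { PARSE_OK = 0, PARSE_NO_MEMORY = 1, PARSE_PROTOCOL_ERROR = 2 };

/* Unchecked: an empty list is accepted, leaving attrs == NULL, nattrs == 0. */
int parse_spec_unchecked(struct deref_spec *ds, const char *deref_attr,
                         const char **list, size_t n)
{
    memset(ds, 0, sizeof(*ds));
    ds->deref_attr = deref_attr;
    if (n > 0) {
        ds->attrs = malloc(n * sizeof(*ds->attrs));
        if (ds->attrs == NULL)
            return PARSE_NO_MEMORY;
        memcpy(ds->attrs, list, n * sizeof(*ds->attrs));
    }
    ds->nattrs = n;
    return PARSE_OK;
}

/* Checked: an empty attribute list is refused before any state is built. */
int parse_spec_checked(struct deref_spec *ds, const char *deref_attr,
                       const char **list, size_t n)
{
    memset(ds, 0, sizeof(*ds));
    if (deref_attr == NULL || list == NULL || n == 0)
        return PARSE_PROTOCOL_ERROR;
    return parse_spec_unchecked(ds, deref_attr, list, n);
}

/* Consumer that assumes one attribute exists; safe only after the checked parser. */
const char *first_attr(const struct deref_spec *ds) { return ds->attrs[0]; }

int main(void)
{
    const char *list[] = { "cn", "mail" };   /* constructed sample input */
    struct deref_spec ds;
    int empty = parse_spec_checked(&ds, "member", list, 0);
    int full  = parse_spec_checked(&ds, "member", list, 2);
    printf("empty list -> %d, two attributes -> %d (%s)\n", empty, full, first_attr(&ds));
    free(ds.attrs);
}
```

Rejecting the empty list in the parser keeps every later consumer free of its own NULL check.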