[v3.1] openldap: NULL pointer dereference (CVE-2015-1545)
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
References:
http://seclists.org/oss-sec/2015/q1/452
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1545
CONFIRM:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c
http://cwe.mitre.org/data/definitions/476.html
(from redmine: issue id 3970, created on 2015-03-09, closed on 2015-03-16)
- Relations:
- parent #3966 (closed)
- Changesets:
- Revision b4946d66 by Natanael Copa on 2015-03-10T13:05:45Z:
main/openldap: security fix for CVE-2015-1545,CVE-2015-1546
ref #3965
ref #3966
fixes #3970