{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-13T20:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "72519", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72519"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT204659"}, {"name": "openldap-cve20151545-dos(100937)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "DSA-3209", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3209"}, {"name": "APPLE-SA-2015-04-08-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "openSUSE-SU-2015:1325", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"name": "1032399", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032399"}, {"name": "MDVSA-2015:073", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"name": "MDVSA-2015:074", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openldap.org/its/?findid=8027"}, {"name": "62787", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62787"}, {"name": "[oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210788"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1545", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "72519", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72519"}, {"name": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c", "refsource": "CONFIRM", "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c"}, {"name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659"}, {"name": "openldap-cve20151545-dos(100937)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "DSA-3209", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3209"}, {"name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "openSUSE-SU-2015:1325", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"name": "1032399", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032399"}, {"name": "MDVSA-2015:073", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"name": "MDVSA-2015:074", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"name": "http://www.openldap.org/its/?findid=8027", "refsource": "CONFIRM", "url": "http://www.openldap.org/its/?findid=8027"}, {"name": "62787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62787"}, {"name": "[oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210788"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:47:16.804Z"}, "title": "CVE Program Container", "references": [{"name": "72519", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72519"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT204659"}, {"name": "openldap-cve20151545-dos(100937)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "DSA-3209", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3209"}, {"name": "APPLE-SA-2015-04-08-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "openSUSE-SU-2015:1325", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"name": "1032399", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032399"}, {"name": "MDVSA-2015:073", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"name": "MDVSA-2015:074", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openldap.org/its/?findid=8027"}, {"name": "62787", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62787"}, {"name": "[oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210788"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1545", "datePublished": "2015-02-12T16:00:00", "dateReserved": "2015-02-07T00:00:00", "dateUpdated": "2024-08-06T04:47:16.804Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "E99FB859-D023-4B2B-A709-05E83A46E2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "8D2EEBC7-1FAF-43E2-A124-C387C02D9E2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "95D242E4-D5EB-4785-A6EF-60B1E8E2B0EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "F6FEDD9C-FDF7-456A-B06C-0A4A4443991D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "9245CDE2-B90A-4D47-BA20-A7869FF0A645", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "FB993E4D-E573-4495-97DE-465DDB2AA2DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "D0F106A3-63D5-4D07-9440-6628DBA78BE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "36CC03BC-DF34-43CD-90B0-27D23A1DD06A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "16C90FEE-527E-47F5-8840-517A55163D8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "0FAEA812-BB47-47A3-A975-B3B8D30DBA36", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "5DE5D180-3972-40A0-ADAF-A4F3364D1381", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "AD76F376-00D8-4917-BF68-6EECC316C331", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "F7063C11-3BF5-4037-ADC3-0C7E9AF830B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "CAE258EA-1B57-4189-AD5A-7E2ACF223167", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "C492F5F5-A6FD-4BED-890A-79254138CC0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "A6F7FDE8-2E54-4162-AA5F-D81253AAC8FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "693E3145-FDDB-4780-886B-6D7FC7B2C5B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "1BF32056-CC6A-4B2B-8FAA-F573445B9B99", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*", "matchCriteriaId": "93B99338-4A1A-4483-8308-49BCCB325C30", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*", "matchCriteriaId": "FE652CE3-E16B-4062-8253-F3FB52A651EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*", "matchCriteriaId": "2A30ED6D-1DB8-4563-B131-1532F97F9694", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*", "matchCriteriaId": "7764366D-29BB-4D75-A33C-7C17DA7496DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*", "matchCriteriaId": "0A38D99B-370E-430A-A657-CD9FF72D0863", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*", "matchCriteriaId": "AB3D3034-D938-402D-A02F-3F4005C438AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:*", "matchCriteriaId": "A7D979A0-3214-4DC6-A838-0AD2444CA5FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:*", "matchCriteriaId": "25B3EF5D-7889-4206-838C-E932AFCBE15D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.39:*:*:*:*:*:*:*", "matchCriteriaId": "6B20FA14-9F5B-425D-ACEF-A2348252C39A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.40:*:*:*:*:*:*:*", "matchCriteriaId": "43B01F94-261C-4718-A82D-28DAE9B67936", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request."}, {"lang": "es", "value": "La funci\u00f3n deref_parseCtrl en servers/slapd/overlays/deref.c en OpenLDAP 2.4.13 hasta 2.4.40 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda) a trav\u00e9s de una lista de atributos vac\u00eda en un control de referencia en una solicitud de b\u00fasqueda."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "id": "CVE-2015-1545", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-12T16:59:06.143", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/62787"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3209"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"source": "cve@mitre.org", "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.openldap.org/its/?findid=8027"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72519"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032399"}, {"source": "cve@mitre.org", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT204659"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.openldap.org/its/?findid=8027"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT204659"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT210788"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Note that the deref overlay is not enabled by default, so this vulnerability only affects sites that have explicitly configured their servers to load and enable the overlay. Since this overlay has never been documented, there are no sites outside of the OpenLDAP developer community with a legitimate reason to enable this module.", "lastModified": "2015-02-25T11:33:12.727", "organization": "openldap.org"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "openldap: slapd crashes on search with deref control and empty attr list", "id": "1190643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190643"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request."], "name": "CVE-2015-1545", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}], "public_date": "2015-02-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1545\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1545"], "statement": "This issue did not affect the versions of openldap as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for the deref overlay.", "threat_severity": "Moderate"}