CVE-2013-4449
Description
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
Risk Information
Base Score
10.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
68.747
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2 | Mac |
| Multiple vulnerabilities are fixed in MacOS Catalina 10.15.2 Combo Update | Mac |
| OpenLDAP utilities (USN-2622-1) slapd_2.4.31-1+nmu2ubuntu8.2_i386.deb | Linux |
| OpenLDAP utilities (USN-2622-1) slapd_2.4.31-1+nmu2ubuntu12.3_i386.deb | Linux |
| OpenLDAP utilities (USN-2622-1) slapd_2.4.31-1+nmu2ubuntu12.3_amd64.deb | Linux |
| CVE-2013-4449 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-602673 | MacOS Catalina 10.15.7 - Auto Reboot |
| PATCH-602674 | macOS Catalina 10.15.7 Combo Update - Auto Reboot |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234