Bug 2081935 (CVE-2022-29155)
| Summary: | CVE-2022-29155 openldap: OpenLDAP SQL injection | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | lance, ldap-maint, spichugi, vashirov |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | openldap 2.5.12, openldap 2.6.2 | Doc Type: | If docs needed, set a value |
| Doc Text: | A vulnerability was found in the openldap-servers package. A SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This issue occurs during an LDAP search operation when the search filter is processed due to a lack of proper escaping. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-06-06 14:49:44 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2081936, 2083625, 2083626, 2083627, 2083628 | | |
| Bug Blocks: | 2081937 | | |

Description
Avinash Hanwate
2022-05-05 03:41:40 UTC
Created openldap tracking bugs for this issue: Affects: fedora-all [bug 2081936]

The issue happens in openldap-servers package, which is not shipped since RHEL 8. Hence, I'm closing the issues as WONTFIX.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-29155