Bug 1190643 (CVE-2015-1545) - CVE-2015-1545 openldap: slapd crashes on search with deref control and empty attr list
Summary: CVE-2015-1545 openldap: slapd crashes on search with deref control and empty ...
Alias: CVE-2015-1545
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1190645
Blocks: 1190647
TreeView+ depends on / blocked
Reported: 2015-02-09 10:37 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:27 UTC (History)
20 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-06-19 11:07:50 UTC

Attachments (Terms of Use)

Description Vasyl Kaigorodov 2015-02-09 10:37:16 UTC
It was reported [1] that with the deref overlay enabled, ldapsearch with '-E deref=member:' causes slapd to crash.
Upstream bugreport: http://www.openldap.org/its/?findid=8027
Upstream commit: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988

Comment 1 Vasyl Kaigorodov 2015-02-09 10:42:05 UTC
Created openldap tracking bugs for this issue:

Affects: fedora-all [bug 1190645]

Comment 3 Stefan Cornelius 2015-06-19 11:07:50 UTC

This issue did not affect the versions of openldap as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for the deref overlay.

Note You need to log in before you can comment on or make changes to this bug.