Bug 2403230 (CVE-2025-61912) - CVE-2025-61912 python-ldap: python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
Summary: CVE-2025-61912 python-ldap: python-ldap Vulnerable to Improper Encoding or Es...
Keywords:
Status: NEW
Alias: CVE-2025-61912
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2406989 2406991 2406992 2406993 2406994 2406995 2406996
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-10-10 23:01 UTC by OSIDB Bzimport
Modified: 2025-10-29 08:28 UTC (History)
40 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-10-10 23:01:59 UTC 
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.
Note You need to log in before you can comment on or make changes to this bug.