CVE-2015-1827

NameCVE-2015-1827
DescriptionThe get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freeipa (PTS)buster4.7.2-3fixed
bookworm4.9.11-1fixed
sid4.9.11-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freeipasource(unstable)(not affected)

Notes

- freeipa <not-affected> (Only affects 4.1, see bug #781224)
https://fedorahosted.org/freeipa/ticket/4908
Search for package or bug name: Reporting problems