| Name | CVE-2023-2953 |
| Description | A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1036995 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| openldap (PTS) | buster, buster (security) | 2.4.47+dfsg-3+deb10u7 | vulnerable |
| bullseye (security), bullseye | 2.4.57+dfsg-3+deb11u1 | vulnerable |
| trixie, bookworm | 2.5.13+dfsg-5 | vulnerable |
| sid | 2.5.16+dfsg-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| openldap | source | experimental | 2.6.4+dfsg-1~exp1 | | | |
| openldap | source | (unstable) | 2.5.16+dfsg-1 | | | 1036995 |
Notes
[bookworm] - openldap <no-dsa> (Minor issue)
[bullseye] - openldap <no-dsa> (Minor issue)
[buster] - openldap <no-dsa> (Minor issue)
https://bugs.openldap.org/show_bug.cgi?id=9904
https://git.openldap.org/openldap/openldap/-/commit/ea8dd2d279c5aeaf9d4672a4e95bebd99babcce1 (master)
https://git.openldap.org/openldap/openldap/-/commit/3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915 (master)
https://git.openldap.org/openldap/openldap/-/commit/c5c8c06a8bd52ea7b843e7d8ca961a7d1800ce5f (OPENLDAP_REL_ENG_2_6_4)
https://git.openldap.org/openldap/openldap/-/commit/840944e26f734bb03d925f26c4ef11a6cedcbb9c (OPENLDAP_REL_ENG_2_6_4)
https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce (OPENLDAP_REL_ENG_2_5_14)
https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b (OPENLDAP_REL_ENG_2_5_14)