CVE-2023-2953

NameCVE-2023-2953
DescriptionA vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1036995

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openldap (PTS)bullseye (security), bullseye2.4.57+dfsg-3+deb11u1vulnerable
bookworm2.5.13+dfsg-5vulnerable
trixie2.5.18+dfsg-1fixed
sid2.5.18+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openldapsourceexperimental2.6.4+dfsg-1~exp1
openldapsource(unstable)2.5.16+dfsg-11036995

Notes

[bookworm] - openldap <no-dsa> (Minor issue)
[bullseye] - openldap <no-dsa> (Minor issue)
[buster] - openldap <no-dsa> (Minor issue)
https://bugs.openldap.org/show_bug.cgi?id=9904
https://git.openldap.org/openldap/openldap/-/commit/ea8dd2d279c5aeaf9d4672a4e95bebd99babcce1 (master)
https://git.openldap.org/openldap/openldap/-/commit/3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915 (master)
https://git.openldap.org/openldap/openldap/-/commit/c5c8c06a8bd52ea7b843e7d8ca961a7d1800ce5f (OPENLDAP_REL_ENG_2_6_4)
https://git.openldap.org/openldap/openldap/-/commit/840944e26f734bb03d925f26c4ef11a6cedcbb9c (OPENLDAP_REL_ENG_2_6_4)
https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce (OPENLDAP_REL_ENG_2_5_14)
https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b (OPENLDAP_REL_ENG_2_5_14)

Search for package or bug name: Reporting problems