DSA-4884-1 ldb -- ldbID: oval:org.secpod.oval:def:605481 | Date: (C)2021-04-07 (M)2023-12-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730 Andrew Bartlett discovered a NULL pointer dereference and use-after-free flaw when handling "ASQ" and "VLV" LDAP controls and combinations with the LDAP paged_results feature. CVE-2020-27840 Douglas Bagnall discovered a heap corruption flaw via crafted DN strings. CVE-2021-20277 Douglas Bagnall discovered an out-of-bounds read vulnerability in handling LDAP attributes that contains multiple consecutive leading spaces.
Product: |
ldb-tools |
python-ldb |
libldb-dev |
libldb1 |