DSA-4884-1 ldb -- ldbID: oval:org.secpod.oval:def:71230 | Date: (C)2021-04-18 (M)2023-02-08 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in libldb1, a LDAP-like embedded database built on top of TDB. CVE-2020-10730 Andrew Bartlett discovered a NULL pointer dereference and use-after-free flaw when handling "ASQ" and "VLV" LDAP controls and combinations with the LDAP paged_results feature. CVE-2020-27840 Douglas Bagnall discovered a heap corruption flaw via crafted DN strings. CVE-2021-20277 Douglas Bagnall discovered an out-of-bounds read vulnerability in handling LDAP attributes that contains multiple consecutive leading spaces.