servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Weakness
The product calls free() twice on the same memory address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openldap | Openldap | * | 2.4.44 (including) |
| Red Hat Enterprise Linux 7 | RedHat | openldap-0:2.4.44-5.el7 | * |
| Openldap | Ubuntu | esm-infra-legacy/trusty | * |
| Openldap | Ubuntu | esm-infra/xenial | * |
| Openldap | Ubuntu | trusty | * |
| Openldap | Ubuntu | trusty/esm | * |
| Openldap | Ubuntu | upstream | * |
| Openldap | Ubuntu | vivid/stable-phone-overlay | * |
| Openldap | Ubuntu | vivid/ubuntu-core | * |
| Openldap | Ubuntu | xenial | * |
| Openldap | Ubuntu | yakkety | * |
| Openldap | Ubuntu | zesty | * |
Potential Mitigations
References
- http://www.debian.org/security/2017/dsa-3868
- http://www.openldap.org/its/?findid=8655
- http://www.securityfocus.com/bid/98736
- http://www.securitytracker.com/id/1038591
- https://access.redhat.com/errata/RHSA-2017:1852
- https://bugs.debian.org/863563
- https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365
- https://www.oracle.com/security-alerts/cpuapr2022.html
- http://www.debian.org/security/2017/dsa-3868
- http://www.openldap.org/its/?findid=8655
- http://www.securityfocus.com/bid/98736
- http://www.securitytracker.com/id/1038591
- https://access.redhat.com/errata/RHSA-2017:1852
- https://bugs.debian.org/863563
- https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365
- https://www.oracle.com/security-alerts/cpuapr2022.html