CRITICAL🇵🇱 Wersja polska

CVE-2010-0211

CVSS 9.8v3.1pub. 2010-07-28upd. 2026-04-29

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple Mac Os X

    OS
    Apple
    10.6.0 – 10.6.5 (bez)
  • Apple Mac Os X Server

    OS
    Apple
    10.6.0 – 10.6.5 (bez)
  • Openldap

    APP
    Openldap
    2.4.22
  • Opensuse

    OS
    Opensuse
    11.0
  • VMware ESXi

    OS
    Vmware
    4.04.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2025-22224CRITICAL9.3⚠ KEVPL ✓ten sam produkt

VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process

CVE-2021-1871CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2021-1870CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2020-3992CRITICAL9.8⚠ KEVten sam produkt

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 befor...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam produkt

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...