The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-02-05T18:00:00
Updated: 2024-08-06T16:45:14.585Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4449
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-02-05T18:55:06.317
Modified: 2024-11-21T01:55:35.407
Link: CVE-2013-4449
Redhat