CVE-2015-1545 - Vulnerability Details

Vendors	Products
Openldap	Openldap

Link	Providers
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html
http://seclists.org/fulldisclosure/2019/Dec/26
http://secunia.com/advisories/62787
http://www.debian.org/security/2015/dsa-3209
http://www.mandriva.com/security/advisories?name=MDVSA-2015:073
http://www.mandriva.com/security/advisories?name=MDVSA-2015:074
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c
http://www.openldap.org/its/?findid=8027
http://www.openwall.com/lists/oss-security/2015/02/07/3
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/72519
http://www.securitytracker.com/id/1032399
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988
https://exchange.xforce.ibmcloud.com/vulnerabilities/100937
https://nvd.nist.gov/vuln/detail/CVE-2015-1545
https://seclists.org/bugtraq/2019/Dec/23
https://support.apple.com/HT204659
https://support.apple.com/kb/HT210788
https://www.cve.org/CVERecord?id=CVE-2015-1545

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-13T20:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "72519", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72519"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT204659"}, {"name": "openldap-cve20151545-dos(100937)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "DSA-3209", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3209"}, {"name": "APPLE-SA-2015-04-08-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "openSUSE-SU-2015:1325", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"name": "1032399", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032399"}, {"name": "MDVSA-2015:073", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"name": "MDVSA-2015:074", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openldap.org/its/?findid=8027"}, {"name": "62787", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62787"}, {"name": "[oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210788"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1545", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "72519", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72519"}, {"name": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c", "refsource": "CONFIRM", "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c"}, {"name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659"}, {"name": "openldap-cve20151545-dos(100937)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "DSA-3209", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3209"}, {"name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "openSUSE-SU-2015:1325", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"name": "1032399", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032399"}, {"name": "MDVSA-2015:073", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"name": "MDVSA-2015:074", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"name": "http://www.openldap.org/its/?findid=8027", "refsource": "CONFIRM", "url": "http://www.openldap.org/its/?findid=8027"}, {"name": "62787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62787"}, {"name": "[oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210788"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:47:16.804Z"}, "title": "CVE Program Container", "references": [{"name": "72519", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72519"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT204659"}, {"name": "openldap-cve20151545-dos(100937)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "DSA-3209", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3209"}, {"name": "APPLE-SA-2015-04-08-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "openSUSE-SU-2015:1325", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"name": "1032399", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032399"}, {"name": "MDVSA-2015:073", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"name": "MDVSA-2015:074", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openldap.org/its/?findid=8027"}, {"name": "62787", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62787"}, {"name": "[oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210788"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1545", "datePublished": "2015-02-12T16:00:00", "dateReserved": "2015-02-07T00:00:00", "dateUpdated": "2024-08-06T04:47:16.804Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-01-19T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-12-13T20:06:07 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : 72519 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/72519 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.apple.com/HT204659 (string)

}

3 : { »

name : openldap-cve20151545-dos(100937) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100937 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

6 : { »

name : DSA-3209 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3209 (string)

}

7 : { »

name : APPLE-SA-2015-04-08-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

]

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

8 : { »

name : openSUSE-SU-2015:1325 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html (string)

}

9 : { »

name : 1032399 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1032399 (string)

}

10 : { »

name : MDVSA-2015:073 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:073 (string)

}

11 : { »

name : MDVSA-2015:074 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:074 (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.openldap.org/its/?findid=8027 (string)

}

13 : { »

name : 62787 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/62787 (string)

}

14 : { »

name : [oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2015/02/07/3 (string)

}

15 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.apple.com/kb/HT210788 (string)

}

16 : { »

name : 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : https://seclists.org/bugtraq/2019/Dec/23 (string)

}

17 : { »

name : 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : http://seclists.org/fulldisclosure/2019/Dec/26 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2015-1545 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 72519 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/72519 (string)

}

1 : { »

name : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c (string)

refsource : CONFIRM (string)

url : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c (string)

}

2 : { »

name : https://support.apple.com/HT204659 (string)

refsource : CONFIRM (string)

url : https://support.apple.com/HT204659 (string)

}

3 : { »

name : openldap-cve20151545-dos(100937) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100937 (string)

}

4 : { »

name : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988 (string)

refsource : CONFIRM (string)

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988 (string)

}

5 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

6 : { »

name : DSA-3209 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3209 (string)

}

7 : { »

name : APPLE-SA-2015-04-08-2 (string)

refsource : APPLE (string)

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

8 : { »

name : openSUSE-SU-2015:1325 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html (string)

}

9 : { »

name : 1032399 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1032399 (string)

}

10 : { »

name : MDVSA-2015:073 (string)

refsource : MANDRIVA (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:073 (string)

}

11 : { »

name : MDVSA-2015:074 (string)

refsource : MANDRIVA (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:074 (string)

}

12 : { »

name : http://www.openldap.org/its/?findid=8027 (string)

refsource : CONFIRM (string)

url : http://www.openldap.org/its/?findid=8027 (string)

}

13 : { »

name : 62787 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/62787 (string)

}

14 : { »

name : [oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2015/02/07/3 (string)

}

15 : { »

name : https://support.apple.com/kb/HT210788 (string)

refsource : CONFIRM (string)

url : https://support.apple.com/kb/HT210788 (string)

}

16 : { »

name : 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (string)

refsource : BUGTRAQ (string)

url : https://seclists.org/bugtraq/2019/Dec/23 (string)

}

17 : { »

name : 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (string)

refsource : FULLDISC (string)

url : http://seclists.org/fulldisclosure/2019/Dec/26 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T04:47:16.804Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 72519 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/72519 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.apple.com/HT204659 (string)

}

3 : { »

name : openldap-cve20151545-dos(100937) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100937 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

6 : { »

name : DSA-3209 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3209 (string)

}

7 : { »

name : APPLE-SA-2015-04-08-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

2 : x_transferred (string)

]

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

8 : { »

name : openSUSE-SU-2015:1325 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html (string)

}

9 : { »

name : 1032399 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1032399 (string)

}

10 : { »

name : MDVSA-2015:073 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:073 (string)

}

11 : { »

name : MDVSA-2015:074 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:074 (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.openldap.org/its/?findid=8027 (string)

}

13 : { »

name : 62787 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/62787 (string)

}

14 : { »

name : [oss-security] 20150207 Re: CVE request: two OpenLDAP DoS issues (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2015/02/07/3 (string)

}

15 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.apple.com/kb/HT210788 (string)

}

16 : { »

name : 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : https://seclists.org/bugtraq/2019/Dec/23 (string)

}

17 : { »

name : 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : http://seclists.org/fulldisclosure/2019/Dec/26 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2015-1545 (string)

datePublished : 2015-02-12T16:00:00 (string)

dateReserved : 2015-02-07T00:00:00 (string)

dateUpdated : 2024-08-06T04:47:16.804Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "E99FB859-D023-4B2B-A709-05E83A46E2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "8D2EEBC7-1FAF-43E2-A124-C387C02D9E2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "95D242E4-D5EB-4785-A6EF-60B1E8E2B0EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "F6FEDD9C-FDF7-456A-B06C-0A4A4443991D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "9245CDE2-B90A-4D47-BA20-A7869FF0A645", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "FB993E4D-E573-4495-97DE-465DDB2AA2DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "D0F106A3-63D5-4D07-9440-6628DBA78BE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "36CC03BC-DF34-43CD-90B0-27D23A1DD06A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "16C90FEE-527E-47F5-8840-517A55163D8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "0FAEA812-BB47-47A3-A975-B3B8D30DBA36", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "5DE5D180-3972-40A0-ADAF-A4F3364D1381", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "AD76F376-00D8-4917-BF68-6EECC316C331", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "F7063C11-3BF5-4037-ADC3-0C7E9AF830B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "CAE258EA-1B57-4189-AD5A-7E2ACF223167", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "C492F5F5-A6FD-4BED-890A-79254138CC0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "A6F7FDE8-2E54-4162-AA5F-D81253AAC8FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "693E3145-FDDB-4780-886B-6D7FC7B2C5B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "1BF32056-CC6A-4B2B-8FAA-F573445B9B99", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*", "matchCriteriaId": "93B99338-4A1A-4483-8308-49BCCB325C30", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*", "matchCriteriaId": "FE652CE3-E16B-4062-8253-F3FB52A651EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*", "matchCriteriaId": "2A30ED6D-1DB8-4563-B131-1532F97F9694", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*", "matchCriteriaId": "7764366D-29BB-4D75-A33C-7C17DA7496DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*", "matchCriteriaId": "0A38D99B-370E-430A-A657-CD9FF72D0863", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*", "matchCriteriaId": "AB3D3034-D938-402D-A02F-3F4005C438AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:*", "matchCriteriaId": "A7D979A0-3214-4DC6-A838-0AD2444CA5FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:*", "matchCriteriaId": "25B3EF5D-7889-4206-838C-E932AFCBE15D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.39:*:*:*:*:*:*:*", "matchCriteriaId": "6B20FA14-9F5B-425D-ACEF-A2348252C39A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openldap:openldap:2.4.40:*:*:*:*:*:*:*", "matchCriteriaId": "43B01F94-261C-4718-A82D-28DAE9B67936", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request."}, {"lang": "es", "value": "La funci\u00f3n deref_parseCtrl en servers/slapd/overlays/deref.c en OpenLDAP 2.4.13 hasta 2.4.40 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda) a trav\u00e9s de una lista de atributos vac\u00eda en un control de referencia en una solicitud de b\u00fasqueda."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "id": "CVE-2015-1545", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-12T16:59:06.143", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/62787"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3209"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"source": "cve@mitre.org", "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.openldap.org/its/?findid=8027"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72519"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032399"}, {"source": "cve@mitre.org", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT204659"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/kb/HT210788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.openldap.org/its/?findid=8027"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/02/07/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT204659"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/kb/HT210788"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Note that the deref overlay is not enabled by default, so this vulnerability only affects sites that have explicitly configured their servers to load and enable the overlay. Since this overlay has never been documented, there are no sites outside of the OpenLDAP developer community with a legitimate reason to enable this module.", "lastModified": "2015-02-25T11:33:12.727", "organization": "openldap.org"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:* (string)

matchCriteriaId : E99FB859-D023-4B2B-A709-05E83A46E2A1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:* (string)

matchCriteriaId : 8D2EEBC7-1FAF-43E2-A124-C387C02D9E2B (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:* (string)

matchCriteriaId : 95D242E4-D5EB-4785-A6EF-60B1E8E2B0EC (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:* (string)

matchCriteriaId : F6FEDD9C-FDF7-456A-B06C-0A4A4443991D (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:* (string)

matchCriteriaId : 9245CDE2-B90A-4D47-BA20-A7869FF0A645 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:* (string)

matchCriteriaId : FB993E4D-E573-4495-97DE-465DDB2AA2DF (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:* (string)

matchCriteriaId : D0F106A3-63D5-4D07-9440-6628DBA78BE5 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:* (string)

matchCriteriaId : 36CC03BC-DF34-43CD-90B0-27D23A1DD06A (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:* (string)

matchCriteriaId : 16C90FEE-527E-47F5-8840-517A55163D8E (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:* (string)

matchCriteriaId : 0FAEA812-BB47-47A3-A975-B3B8D30DBA36 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:* (string)

matchCriteriaId : 5DE5D180-3972-40A0-ADAF-A4F3364D1381 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:* (string)

matchCriteriaId : AD76F376-00D8-4917-BF68-6EECC316C331 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:* (string)

matchCriteriaId : F7063C11-3BF5-4037-ADC3-0C7E9AF830B4 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:* (string)

matchCriteriaId : CAE258EA-1B57-4189-AD5A-7E2ACF223167 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:* (string)

matchCriteriaId : C492F5F5-A6FD-4BED-890A-79254138CC0A (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:* (string)

matchCriteriaId : A6F7FDE8-2E54-4162-AA5F-D81253AAC8FA (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:* (string)

matchCriteriaId : 693E3145-FDDB-4780-886B-6D7FC7B2C5B3 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:* (string)

matchCriteriaId : 1BF32056-CC6A-4B2B-8FAA-F573445B9B99 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:* (string)

matchCriteriaId : 93B99338-4A1A-4483-8308-49BCCB325C30 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:* (string)

matchCriteriaId : FE652CE3-E16B-4062-8253-F3FB52A651EA (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:* (string)

matchCriteriaId : 2A30ED6D-1DB8-4563-B131-1532F97F9694 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:* (string)

matchCriteriaId : 7764366D-29BB-4D75-A33C-7C17DA7496DE (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A38D99B-370E-430A-A657-CD9FF72D0863 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:* (string)

matchCriteriaId : AB3D3034-D938-402D-A02F-3F4005C438AA (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:* (string)

matchCriteriaId : A7D979A0-3214-4DC6-A838-0AD2444CA5FD (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:* (string)

matchCriteriaId : 25B3EF5D-7889-4206-838C-E932AFCBE15D (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.39:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B20FA14-9F5B-425D-ACEF-A2348252C39A (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:openldap:openldap:2.4.40:*:*:*:*:*:*:* (string)

matchCriteriaId : 43B01F94-261C-4718-A82D-28DAE9B67936 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. (string)

}

1 : { »

lang : es (string)

value : La función deref_parseCtrl en servers/slapd/overlays/deref.c en OpenLDAP 2.4.13 hasta 2.4.40 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída) a través de una lista de atributos vacía en un control de referencia en una solicitud de búsqueda. (string)

}

]

evaluatorComment : <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a> (string)

id : CVE-2015-1545 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-02-12T16:59:06.143 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://seclists.org/fulldisclosure/2019/Dec/26 (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/62787 (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://www.debian.org/security/2015/dsa-3209 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:073 (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:074 (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Vendor Advisory (string)

]

url : http://www.openldap.org/its/?findid=8027 (string)

}

9 : { »

source : cve@mitre.org (string)

url : http://www.openwall.com/lists/oss-security/2015/02/07/3 (string)

}

10 : { »

source : cve@mitre.org (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/72519 (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://www.securitytracker.com/id/1032399 (string)

}

13 : { »

source : cve@mitre.org (string)

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988 (string)

}

14 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100937 (string)

}

15 : { »

source : cve@mitre.org (string)

url : https://seclists.org/bugtraq/2019/Dec/23 (string)

}

16 : { »

source : cve@mitre.org (string)

url : https://support.apple.com/HT204659 (string)

}

17 : { »

source : cve@mitre.org (string)

url : https://support.apple.com/kb/HT210788 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://seclists.org/fulldisclosure/2019/Dec/26 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/62787 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2015/dsa-3209 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:073 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:074 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=c32e74763f77675b9e144126e375977ed6dc562c (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Vendor Advisory (string)

]

url : http://www.openldap.org/its/?findid=8027 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.openwall.com/lists/oss-security/2015/02/07/3 (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/72519 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1032399 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/100937 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://seclists.org/bugtraq/2019/Dec/23 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://support.apple.com/HT204659 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://support.apple.com/kb/HT210788 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vendorComments : [ »

0 : { »

comment : Note that the deref overlay is not enabled by default, so this vulnerability only affects sites that have explicitly configured their servers to load and enable the overlay. Since this overlay has never been documented, there are no sites outside of the OpenLDAP developer community with a legitimate reason to enable this module. (string)

lastModified : 2015-02-25T11:33:12.727 (string)

organization : openldap.org (string)

}

]

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "openldap: slapd crashes on search with deref control and empty attr list", "id": "1190643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190643"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request."], "name": "CVE-2015-1545", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "openldap", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}], "public_date": "2015-02-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1545\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1545"], "statement": "This issue did not affect the versions of openldap as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for the deref overlay.", "threat_severity": "Moderate"}

{

bugzilla : { »

description : openldap: slapd crashes on search with deref control and empty attr list (string)

id : 1190643 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1190643 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 5.0 (string)

cvss_scoring_vector : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

status : draft (string)

}

details : [ »

0 : The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. (string)

]

name : CVE-2015-1545 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : openldap (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : openldap (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : openldap (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:5 (string)

fix_state : Not affected (string)

package_name : openldap (string)

product_name : Red Hat JBoss Enterprise Application Platform 5 (string)

}

4 : { »

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:6 (string)

fix_state : Not affected (string)

package_name : openldap (string)

product_name : Red Hat JBoss Enterprise Application Platform 6 (string)

}

]

public_date : 2015-02-03T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-1545 https://nvd.nist.gov/vuln/detail/CVE-2015-1545 (string)

]

statement : This issue did not affect the versions of openldap as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include support for the deref overlay. (string)

threat_severity : Moderate (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object