CVE-2008-2952

OpenLDAP BER Decoding Remote DoS Vulnerability

Severity Score (CVSS v2): 5.0
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 1
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.

The file liblber/io.c in OpenLDAP versions 2.2.4 through 2.4.10 allows remote attackers to cause a denial of service (program termination) by means of crafted ASN.1 BER datagrams that trigger an assertion error.

This vulnerability allows remote attackers to deny services on vulnerable installations of OpenLDAP. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the decoding of ASN.1 BER network datagrams. When the size of a BerElement is specified incorrectly, the application will trigger an assert(), leading to abnormal program termination.

*Credits: Oscar Mira-Sanchez
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: None
Integrity: None
Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
Exploitation: -
Automatable: -
Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-06-30 First Exploit
  • 2008-07-01 CVE Reserved
  • 2008-07-01 CVE Published
  • 2024-02-15 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (34)
Affected Vendors, Products, and Versions
Vendor    Product   Version  Other  Status
Openldap  Openldap  2.2.4    -      Affected
Openldap  Openldap  2.2.5    -      Affected
Openldap  Openldap  2.2.6    -      Affected
Openldap  Openldap  2.2.7    -      Affected
Openldap  Openldap  2.2.8    -      Affected
Openldap  Openldap  2.2.9    -      Affected
Openldap  Openldap  2.3.4    -      Affected
Openldap  Openldap  2.3.5    -      Affected
Openldap  Openldap  2.3.6    -      Affected
Openldap  Openldap  2.3.7    -      Affected
Openldap  Openldap  2.3.8    -      Affected
Openldap  Openldap  2.3.9    -      Affected
Openldap  Openldap  2.3.10   -      Affected
Openldap  Openldap  2.3.11   -      Affected
Openldap  Openldap  2.3.12   -      Affected
Openldap  Openldap  2.3.13   -      Affected
Openldap  Openldap  2.3.14   -      Affected
Openldap  Openldap  2.3.15   -      Affected
Openldap  Openldap  2.3.16   -      Affected
Openldap  Openldap  2.3.17   -      Affected
Openldap  Openldap  2.3.18   -      Affected
Openldap  Openldap  2.3.19   -      Affected
Openldap  Openldap  2.3.20   -      Affected
Openldap  Openldap  2.3.21   -      Affected
Openldap  Openldap  2.3.22   -      Affected
Openldap  Openldap  2.3.23   -      Affected
Openldap  Openldap  2.3.24   -      Affected
Openldap  Openldap  2.3.25   -      Affected
Openldap  Openldap  2.3.26   -      Affected
Openldap  Openldap  2.3.27   -      Affected
Openldap  Openldap  2.3.28   -      Affected
Openldap  Openldap  2.3.29   -      Affected
Openldap  Openldap  2.3.30   -      Affected
Openldap  Openldap  2.3.31   -      Affected
Openldap  Openldap  2.3.32   -      Affected
Openldap  Openldap  2.3.33   -      Affected
Openldap  Openldap  2.3.34   -      Affected
Openldap  Openldap  2.3.35   -      Affected
Openldap  Openldap  2.3.36   -      Affected
Openldap  Openldap  2.3.37   -      Affected
Openldap  Openldap  2.3.38   -      Affected
Openldap  Openldap  2.3.39   -      Affected
Openldap  Openldap  2.3.40   -      Affected
Openldap  Openldap  2.3.41   -      Affected
Openldap  Openldap  2.3.42   -      Affected
Openldap  Openldap  2.3.43   -      Affected
Openldap  Openldap  2.4.10   -      Affected