CVE-2015-0283
slapi-nis: infinite loop in getgrnam_r() and getgrgid_r()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.
El plugin slapi-nis anterior a 0.54.2 no reasigna correctamente la memoria cuando procesa las cuentas de usuarios, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de una solicitud para (1) un grupo con un número grande de miembros o (2) un usuario que pertenece a un número grande de grupos.
It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-11-18 CVE Reserved
- 2015-03-26 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/73377 | Vdb Entry | |
| https://git.fedorahosted.org/cgit/slapi-nis.git/commit/?id=6573f91c95f7a353ad3bdf2fe95b0c15932aa097 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|