CVE-2015-1546
Apple Security Advisory 2015-04-08-2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.
Vulnerabilidad de liberación doble en la función get_vrFilter en servers/slapd/filter.c en OpenLDAP 2.4.40 permite a atacantes remotos causar una denegación de servicio (caída) a través de una consulta de búsqueda manipulada con control de valores coincidentes.
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service via an empty attribute list in a deref control in a search request. Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service via a crafted search query with a matched values control. The updated packages provides a solution for these security issues.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-07 CVE Reserved
- 2015-02-12 CVE Published
- 2024-08-06 CVE Updated
- 2025-05-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/62787 | Third Party Advisory | |
| http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=2f1a2dd329b91afe561cd06b872d09630d4edb6a | X_refsource_confirm | |
| http://www.openldap.org/its/?findid=8046 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2015/02/07/3 | Mailing List |
|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100938 | Vdb Entry | |
| https://support.apple.com/HT204659 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openldap Search vendor "Openldap" | Openldap Search vendor "Openldap" for product "Openldap" | 2.4.40 Search vendor "Openldap" for product "Openldap" and version "2.4.40" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.10.2 Search vendor "Apple" for product "Mac Os X" and version "10.10.2" | - |
Affected
| ||||||