OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.05435.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Openldap
  • Openldap
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.1:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.24:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.26:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.13:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.14:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.15:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.16:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.17:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.19:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.20:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.21:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.22:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.23:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.24:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.25:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.26:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.27:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.28:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.29:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1.30:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.1_.20:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.17:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.18:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.19:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.20:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.21:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.22:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.23:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.24:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.25:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.26:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.27:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.28_r2:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.2.29_rev_1.134:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.3.27_2.20061018:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.3.28_2.20061022:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.3.28_20061022:*:*:*:*:*:*:*
cpe:2.3:a:openldap:openldap:2.3.28_e1.0.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
openldap-0:2.2.13-8.el4_6.1 cpe:/o:redhat:enterprise_linux:4 RHSA-2007:1038 2007-11-15T00:00:00Z
Red Hat Enterprise Linux 5
openldap-0:2.3.27-8.el5_1.1 cpe:/o:redhat:enterprise_linux:5 RHSA-2007:1037 2007-11-08T00:00:00Z

No data.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-1541-1 New openldap2.3 packages fix denial of service
EUVD EUVD EUVD-2007-5679 OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.
Ubuntu USN Ubuntu USN USN-551-1 OpenLDAP vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632 cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html cve-icon cve-icon
http://secunia.com/advisories/27424 cve-icon cve-icon
http://secunia.com/advisories/27587 cve-icon cve-icon
http://secunia.com/advisories/27596 cve-icon cve-icon
http://secunia.com/advisories/27683 cve-icon cve-icon
http://secunia.com/advisories/27756 cve-icon cve-icon
http://secunia.com/advisories/27868 cve-icon cve-icon
http://secunia.com/advisories/29461 cve-icon cve-icon
http://secunia.com/advisories/29682 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200803-28.xml cve-icon cve-icon
http://support.apple.com/kb/HT3937 cve-icon cve-icon
http://www.debian.org/security/2008/dsa-1541 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2007:215 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2007_24_sr.html cve-icon cve-icon
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119 cve-icon cve-icon
http://www.openldap.org/lists/openldap-announce/200710/msg00001.html cve-icon cve-icon
http://www.redhat.com/archives/fedora-package-announce/2007-November/msg00460.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-1037.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-1038.html cve-icon cve-icon
http://www.securityfocus.com/bid/26245 cve-icon cve-icon
http://www.securitytracker.com/id?1018924 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-551-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/3645 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3184 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2007-5707 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10183 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2007-5707 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T15:39:13.978Z

Reserved: 2007-10-30T00:00:00

Link: CVE-2007-5707

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2007-10-30T19:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5707

cve-icon Redhat

Severity : Important

Publid Date: 2007-10-29T00:00:00Z

Links: CVE-2007-5707 - Bugzilla

cve-icon OpenCVE Enrichment

No data.