{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-2953", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2025-01-10T21:28:27.261Z", "dateReserved": "2023-05-29T00:00:00.000Z", "datePublished": "2023-05-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-07-25T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function."}], "affected": [{"vendor": "n/a", "product": "openldap", "versions": [{"version": "openldap-2.4", "status": "affected"}]}], "references": [{"url": "https://bugs.openldap.org/show_bug.cgi?id=9904"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-2953"}, {"url": "https://security.netapp.com/advisory/ntap-20230703-0005/"}, {"url": "https://support.apple.com/kb/HT213843"}, {"url": "https://support.apple.com/kb/HT213844"}, {"url": "https://support.apple.com/kb/HT213845"}, {"name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/52"}, {"name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/48"}, {"name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/47"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-476", "cweId": "CWE-476"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:41:04.071Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.openldap.org/show_bug.cgi?id=9904", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-2953", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230703-0005/", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213843", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213844", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213845", "tags": ["x_transferred"]}, {"name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/52"}, {"name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/48"}, {"name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/47"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-10T21:27:47.208145Z", "id": "CVE-2023-2953", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T21:28:27.261Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugs.openldap.org/show_bug.cgi?id=9904", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-2953", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230703-0005/", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213843", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213844", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/kb/HT213845", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Jul/52", "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Jul/48", "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2023/Jul/47", "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:41:04.071Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-2953", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-10T21:27:47.208145Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T21:28:12.854Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "openldap", "versions": [{"status": "affected", "version": "openldap-2.4"}]}], "references": [{"url": "https://bugs.openldap.org/show_bug.cgi?id=9904"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-2953"}, {"url": "https://security.netapp.com/advisory/ntap-20230703-0005/"}, {"url": "https://support.apple.com/kb/HT213843"}, {"url": "https://support.apple.com/kb/HT213844"}, {"url": "https://support.apple.com/kb/HT213845"}, {"url": "http://seclists.org/fulldisclosure/2023/Jul/52", "name": "20230725 APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9", "tags": ["mailing-list"]}, {"url": "http://seclists.org/fulldisclosure/2023/Jul/48", "name": "20230725 APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8", "tags": ["mailing-list"]}, {"url": "http://seclists.org/fulldisclosure/2023/Jul/47", "name": "20230725 APPLE-SA-2023-07-24-4 macOS Ventura 13.5", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-07-25T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-2953", "state": "PUBLISHED", "dateUpdated": "2025-01-10T21:28:27.261Z", "dateReserved": "2023-05-29T00:00:00", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-05-30T00:00:00", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openldap:openldap:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF7B8F72-1490-482D-80EB-D08637F2E037", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB5312D6-AEEA-4548-B3EF-B07B46168475", "versionEndExcluding": "11.7.9", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B763A1F-C183-4728-B593-67558FD9FC36", "versionEndExcluding": "12.6.8", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627", "versionEndExcluding": "13.5", "versionStartIncluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function."}], "id": "CVE-2023-2953", "lastModified": "2025-01-10T22:15:23.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-30T22:15:10.613", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2023/Jul/47"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2023/Jul/48"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2023/Jul/52"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-2953"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.openldap.org/show_bug.cgi?id=9904"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230703-0005/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213843"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213844"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213845"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2023/Jul/47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2023/Jul/48"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2023/Jul/52"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-2953"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.openldap.org/show_bug.cgi?id=9904"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230703-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213843"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213845"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4264", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "openldap-0:2.4.46-19.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:6033", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "openldap-0:2.4.46-20.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-29T00:00:00Z"}, {"advisory": "RHSA-2025:8176", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "openldap-0:2.6.2-1.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-05-27T00:00:00Z"}, {"advisory": "RHSA-2025:8181", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "openldap-0:2.6.2-3.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-05-27T00:00:00Z"}], "bugzilla": {"description": "openldap: null pointer dereference in ber_memalloc_x function", "id": "2210651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210651"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication."], "name": "CVE-2023-2953", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-openldap", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "openldap", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-openldap", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "openldap", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "openldap", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-05-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-2953\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2953"], "statement": "This vulnerability is rated as a low severity because, it affects only systems where memory exhaustion might occur due to mishandling of users crafted inputs, and it requires an authenticated user to trigger the issue.\nThis vulnerability does not affect any versions of RHEL above 9.2.", "threat_severity": "Low"}

{}