Impact
An input handling flaw exists in the HTTP refresh token process of LLDAP version 0.6.2; the flaw allows an attacker to send a specially crafted refresh-token header that can exhaust server resources or cause a crash, resulting in a denial of availability for legitimate users. Because the vulnerability does not corrupt data or grant additional privileges, the primary effect is loss of service rather than breach of confidentiality or integrity.
Affected Systems
The only product explicitly listed as affected is LLDAP version 0.6.2, a lightweight LDAP server written in Rust. No other vendors or product lines were referenced in the CNA data, so the scope of the vulnerability is limited to this single release.
Risk and Exploitability
The CVSS score of 7.5 places the vulnerability in the high‑severity range, but the EPSS score of less than 1 % indicates that exploitation in the wild is unlikely. The vulnerability is not included in CISA’s KEV catalog. Attackers would only need the ability to send HTTP requests to the refresh‑token endpoint; no privileged access or credentials are required. Once the crafted header is processed, the server may become unresponsive or crash, which would deny service to all users.
OpenCVE Enrichment