ubuntu · CVE-2015-6908

Quick triage

Priority: medium Published: 2015-09-11 00:00:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-6908 medium priority: Ubuntu including 1 source packages (openldap), 4 status rows across 4 suites (precise, trusty, upstream, vivid): released 4.

Description:

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

cvelogic Threat Intelligence