Vulnerability CVE-2022-29155: Information

Description

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: May 4, 2022
Modified: Oct. 6, 2022
Error type identifier: CWE-89

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openldapsisyphus2.6.3-alt12.6.7-alt1ALT-PU-2022-2606-1306372Fixed
openldapsisyphus_e2k2.6.3-alt12.6.7-alt1ALT-PU-2022-6150-1-Fixed
openldapsisyphus_riscv642.6.3-alt12.6.7-alt0.portALT-PU-2022-6156-1-Fixed
openldapp102.4.59-alt1.p10.22.4.59-alt1.p10.2ALT-PU-2023-2063-1322965Fixed
openldapp10_e2k2.4.59-alt1.p10.22.4.59-alt1.p10.2ALT-PU-2023-3978-1-Fixed
openldapc10f12.4.59-alt1.p10.22.4.59-alt1.p10.2ALT-PU-2023-6417-3331521Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
      Start including
      2.6.0
      End excliding
      2.6.2

      cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
      Start including
      2.0
      End excliding
      2.5.12

      Configuration 2

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

      Configuration 6

      cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

      Configuration 7

      cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

      Configuration 8

      cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*