Vulnerability CVE-2023-2953: Information

Description

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
URL: https://nvd.nist.gov/vuln/detail/CVE-2023-2953
Published: May 30, 2023
Modified: Jan. 10, 2025
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
openldapp102.4.59-alt1.p10.32.4.59-alt1.p10.3ALT-PU-2025-2746-3374530Fixed
openldapp10_e2k2.4.59-alt1.p10.32.4.59-alt1.p10.3ALT-PU-2025-4262-1-Fixed
openldapc10f22.4.59-alt1.p10.32.4.59-alt1.p10.4ALT-PU-2025-3390-2375846Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://seclists.org/fulldisclosure/2023/Jul/47
  • Mailing List
http://seclists.org/fulldisclosure/2023/Jul/48
  • Mailing List
http://seclists.org/fulldisclosure/2023/Jul/52
  • Mailing List
https://access.redhat.com/security/cve/CVE-2023-2953
  • Third Party Advisory
https://bugs.openldap.org/show_bug.cgi?id=9904
  • Issue Tracking
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20230703-0005/
  • Third Party Advisory
https://support.apple.com/kb/HT213843
  • Third Party Advisory
https://support.apple.com/kb/HT213844
  • Third Party Advisory
https://support.apple.com/kb/HT213845
  • Third Party Advisory
BDU:2023-04057
      1. cpe:2.3:a:openldap:openldap:2.4:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
        Start including
        11.0
        End excluding
        11.7.9
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
        Start including
        12.0
        End excluding
        12.6.8
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
        Start including
        13.0
        End excluding
        13.5
        cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
        cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*
        cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
        cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
        cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
        cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
        cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top