[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Security alerts on OpenLDAP (CVE-2015-1545 / CVE-2015-1546)

Clément OUDOT wrote:

I saw today two CVE on OpenLDAP:
* http://vigilance.fr/vulnerability/OpenLDAP-NULL-pointer-dereference-via-deref-16124
* http://vigilance.fr/vulnerability/OpenLDAP-use-after-free-via-Matched-Values-16125

Don't know if they are reported in some ITS.

That's because you're reading 2nd or 3rd-hand reports. Read the actual CVEs and you'll see that relevant ITSs already linked.


Given that the deref overlay isn't even documented and is probably used by only a handful of OpenLDAP developers I don't believe it even merited a CVE record.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/