Openldap · Openldap · CVE-2022-29155
**Name of the Vulnerable Software and Affected Versions**
OpenLDAP versions 2.x prior to 2.5.12
OpenLDAP versions 2.6.x prior to 2.6.2
**Description**
The vulnerability is a SQL injection in the experimental back-sql backend to slapd. When an LDAP search operation is processed, the search filter is not properly escaped before it is used to build the backend's SQL query, so a specially crafted SQL statement included within an LDAP query reaches the database. A remote attacker could use this to impact the confidentiality, integrity, and availability of the protected information.
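The following added example (illustrative code written for this page, not OpenLDAP's back-sql source) shows the class of defect described above: a minimal, hypothetical mapping of an LDAP equality filter onto a SQL query, once with the filter value pasted into the statement text and once with the column taken from an allow-list and the value bound as a query parameter. The table, column names and sample rows are constructed for the demo.

```python
import re
import sqlite3

# Constructed sample directory data for the demo (not real accounts).
_SAMPLE_ROWS = [("jdoe", "Jane Doe"), ("asmith", "Alan Smith")]

# Accepts only a simple equality filter such as (uid=jdoe).
_EQ_FILTER = re.compile(r"^\(([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)$")

# Allow-list mapping LDAP attribute -> SQL column (hypothetical schema).
_ALLOWED_ATTRS = {"uid": "uid", "cn": "cn"}


def _connect():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE persons (uid TEXT, cn TEXT)")
    conn.executemany("INSERT INTO persons VALUES (?, ?)", _SAMPLE_ROWS)
    return conn


def parse_equality_filter(ldap_filter):
    """Return (attribute, value) for an equality filter, rejecting anything else."""
    m = _EQ_FILTER.match(ldap_filter)
    if not m:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    attr, value = m.group(1).lower(), m.group(2)
    if attr not in _ALLOWED_ATTRS:
        raise ValueError("unknown attribute: %r" % attr)
    return attr, value


def search_unsafe(ldap_filter):
    """Vulnerable pattern: the filter value becomes part of the SQL text."""
    attr, value = parse_equality_filter(ldap_filter)
    sql = "SELECT uid FROM persons WHERE %s = '%s'" % (_ALLOWED_ATTRS[attr], value)
    return [row[0] for row in _connect().execute(sql)]


def search_safe(ldap_filter):
    """Hardened pattern: column from the allow-list, value bound as a parameter."""
    attr, value = parse_equality_filter(ldap_filter)
    # The column name is interpolated only after the allow-list lookup above;
    # the user-controlled value never touches the statement text.
    sql = "SELECT uid FROM persons WHERE %s = ?" % _ALLOWED_ATTRS[attr]
    return [row[0] for row in _connect().execute(sql, (value,))]
```

With a filter value that contains a quote or SQL keywords, `search_safe` simply finds no matching entry, whereas `search_unsafe` lets that value change the structure of the statement.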
**Recommendations**
For OpenLDAP versions 2.x prior to 2.5.12, update to version 2.5.12 or later.
For OpenLDAP versions 2.6.x prior to 2.6.2, update to version 2.6.2 or later.
As a temporary workaround, consider restricting access to the back-sql backend to minimize the risk of exploitation.