CVE-2008-2952

Name of the Vulnerable Software and Affected Versions OpenLDAP versions 2.2.4 through 2.4.10 OpenLDAP versions prior to 2.3.43

Description The issue allows remote attackers to cause a denial of service, leading to disruption of protected information availability. This can be achieved through crafted ASN.1 BER datagrams that trigger an assertion error in liblber/io.c.

Recommendations For OpenLDAP versions 2.2.4 through 2.4.10, consider updating to a version later than 2.4.10 to resolve the issue. For OpenLDAP versions prior to 2.3.43, update to version 2.3.43 or later to fix the problem. As a temporary workaround, consider restricting access to the liblber/io.c module to minimize the risk of exploitation.