PT-2010-5626 · Openldap+1 · Libldap2-Dev+7

Published: 1970-01-01 · Updated: 2018-10-10 · CVE-2010-0212

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

OpenLDAP versions prior to 2.4.35
ldap-utils (affected versions not specified)
slapd (affected versions not specified)
libldap-2.4-2 (affected versions not specified)
libldap-2.4-2-dbg (affected versions not specified)
slapd-dbg (affected versions not specified)
libldap2-dev (affected versions not specified)
Description

The issue allows remote attackers to cause a denial of service, potentially leading to disruption of protected information. This can be achieved by exploiting multiple vulnerabilities in the affected packages, including a modrdn call with a zero-length RDN destination string, which triggers a NULL pointer dereference in the IA5StringNormalize function. The smr_normalize and IA5StringNormalize functions in schema_init.c are involved in the vulnerability. Exploitation can be performed remotely.
Recommendations

For OpenLDAP versions prior to 2.4.35, update to version 2.4.35 or later to resolve the issue. For ldap-utils, slapd, libldap-2.4-2, libldap-2.4-2-dbg, slapd-dbg, and libldap2-dev, there is at the moment no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Certificate Validation

Unchecked Return Value

Weakness Enumeration

Related Identifiers

BDU:2015-01319
BDU:2015-01321
BDU:2015-02576
BDU:2015-02577
BDU:2015-02578
BDU:2015-02579
BDU:2015-09683
CVE-2010-0212
DSA-2077-1
RHSA-2010:0542
RHSA-2010_0542

Affected Products

Openldap
Red Hat
Ldap-Utils
Libldap-2.4-2
Libldap-2.4-2-Dbg
Libldap2-Dev
Slapd
Slapd-Dbg