CVE-2012-1164

Name of the Vulnerable Software and Affected Versions OpenLDAP versions prior to 2.4.30

Description The issue allows remote attackers to cause a denial of service, leading to an assertion failure and daemon exit, via an LDAP search query with attrsOnly set to true. This results in empty attributes being returned. The vulnerability can be exploited remotely and may lead to disruption of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 2.4.30, update to version 2.4.30 or later to resolve the issue. As a temporary workaround, consider restricting access to LDAP search queries with attrsOnly set to true until a patch is available.