PT-2021-24339
Encukou · Published 2021-11-29 · Updated 2023-08-08
CVE-2021-46823
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
python-ldap versions prior to 3.4.0
Description:
The issue is a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By supplying crafted input that reaches the parser's regular expressions, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. This occurs when ldap.schema is used to parse untrusted schema definitions.
Recommendations:
For versions prior to 3.4.0, as a temporary workaround, consider checking input for an excessive number of backslashes in schema definitions, as more than a dozen backslashes per line are atypical.
Update to version 3.4.0 or later, which contains a workaround to prevent ReDoS attacks by refusing schema definitions with an excessive number of backslashes.
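A pre-parse guard that implements the workaround above, as an added example and not python-ldap's own code: it rejects any schema definition line carrying more than twelve backslashes before the subentry is handed to ldap.schema.SubSchema. The sample subentry, the OID 1.3.6.1.4.1.99999.1 and the function names are constructed for this illustration.

```python
# Upper bound taken from the advisory: more than a dozen backslashes in a
# single schema definition line is atypical, so treat it as suspect input.
MAX_BACKSLASHES_PER_LINE = 12


class UnsafeSchemaDefinition(ValueError):
    """Raised when a schema definition exceeds the backslash limit."""


def count_backslashes(line):
    return line.count("\\")


def check_schema_definition(definition, limit=MAX_BACKSLASHES_PER_LINE):
    """Return the definition unchanged if every line stays within the limit."""
    for lineno, line in enumerate(definition.splitlines() or [definition], 1):
        n = count_backslashes(line)
        if n > limit:
            raise UnsafeSchemaDefinition(
                f"line {lineno} contains {n} backslashes (limit {limit})")
    return definition


def filter_subschema(subschema, limit=MAX_BACKSLASHES_PER_LINE):
    """Split a subschema subentry into accepted and rejected definitions."""
    accepted, rejected = {}, []
    for attr, definitions in subschema.items():
        kept = []
        for defn in definitions:
            try:
                kept.append(check_schema_definition(defn, limit))
            except UnsafeSchemaDefinition as exc:
                rejected.append((attr, defn, str(exc)))
        accepted[attr] = kept
    return accepted, rejected


# Constructed sample in the shape ldap.schema.SubSchema accepts: a mapping
# from attribute name to RFC 4512 definition strings. The second
# attributeTypes entry is a constructed definition that trips the guard.
SAMPLE_SUBSCHEMA = {
    "attributeTypes": [
        "( 2.5.4.3 NAME 'cn' SUP name )",
        "( 1.3.6.1.4.1.99999.1 NAME 'odd' DESC '" + "\\" * 40
        + "' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    ],
    "objectClasses": [
        "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )",
    ],
}

if __name__ == "__main__":
    ok, bad = filter_subschema(SAMPLE_SUBSCHEMA)
    # Only the accepted mapping would be passed to ldap.schema.SubSchema(ok).
    print(len(ok["attributeTypes"]), "attribute types accepted,", len(bad), "rejected")
```

Rejected definitions are returned with the reason so they can be logged rather than silently dropped.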
Affected Products
Debian
Linuxmint
Ubuntu
Python-Ldap