CVE-2008-2952
openldap - denial of service
EPSS 55.3%
Description
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
How to fix CVE-2008-2952
To remediate CVE-2008-2952, upgrade the affected package to one of the fixed versions listed below.
- Debian/openldap—upgrade to 2.4.10-3 or later
- Debian/openldap—upgrade to 2.4.10-2+lenny1 or later
- Debian/openldap2.3—upgrade to 2.3.30-5+etch2 or later
Is CVE-2008-2952 being exploited?
Likely — EPSS is 55.3%, placing CVE-2008-2952 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- Debian/openldap: from 0, < 2.4.10-3
- Debian/openldap: from 0, < 2.4.10-2+lenny1
- Debian/openldap2.3: from 0, < 2.3.30-5+etch2