CVE-2011-1081

Description

modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.

How to fix CVE-2011-1081

To remediate CVE-2011-1081, upgrade the affected package to a fixed version below.

• Debian/openldap—upgrade to 2.4.25-1 or later

Is CVE-2011-1081 being exploited?

Low — EPSS is 2.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.4.25-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1081