CVE-2011-4079

Description

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.

How to fix CVE-2011-4079

To remediate CVE-2011-4079, upgrade the affected package to a fixed version below.

• Debian/openldap—upgrade to 2.4.28-1 or later

Is CVE-2011-4079 being exploited?

Moderate — EPSS is 6.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 2.4.28-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-4079