CVE-2013-4449
openldap - security update
EPSS 68.7%
Description
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
How to fix CVE-2013-4449
To remediate CVE-2013-4449, upgrade the affected package to one of the fixed versions listed below (which one applies depends on the Debian release you are tracking).
- Debian/openldap—upgrade to 2.4.39-1.1 or later
- Debian/openldap—upgrade to 2.4.31-2 or later
Is CVE-2013-4449 being exploited?
Likely — EPSS is 68.7%, placing CVE-2013-4449 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- Debian/openldap: all versions below 2.4.39-1.1
- Debian/openldap: all versions below 2.4.31-2