Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-qfr5-wjpw-q4c4: Denial of Service in python-ldap

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

ghsa
#vulnerability#dos#git#ldap#auth

Denial of Service in python-ldap

Moderate severity GitHub Reviewed Published Jun 19, 2022 • Updated Jun 20, 2022

Related news

Ubuntu Security Notice USN-5508-1

Ubuntu Security Notice 5508-1 - It was discovered that Python LDAP incorrectly handled certain regular expressions. An remote attacker could possibly use this issue to cause a denial of service.

CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP