Launchpad CVE tracker

CVE 2011-4079

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.

Related bugs and status

CVE-2011-4079 (Candidate) is related to these bugs:

Bug #884163: OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability

		In	Importance	Status
884163	OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability	openldap (Ubuntu)	Medium	Fix Released
884163	OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability	openldap (Ubuntu Maverick)	Medium	Fix Released
884163	OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability	openldap (Ubuntu Lucid)	Medium	Fix Released
884163	OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability	openldap (Ubuntu Natty)	Medium	Fix Released
884163	OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability	openldap (Ubuntu Oneiric)	Medium	Fix Released
884163	OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability	openldap (Ubuntu Hardy)	Medium	Invalid
884163	OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability	openldap (Ubuntu Precise)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-4079

References