Vulnerability Description
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openldap | Openldap | 2.4 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/cve-2014-8182Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182ExploitIssue TrackingPatch
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182ExploitIssue TrackingPatch
- https://security-tracker.debian.org/tracker/CVE-2014-8182PatchThird Party Advisory
- https://access.redhat.com/security/cve/cve-2014-8182Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182ExploitIssue TrackingPatch
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182ExploitIssue TrackingPatch
- https://security-tracker.debian.org/tracker/CVE-2014-8182PatchThird Party Advisory
FAQ
What is CVE-2014-8182?
CVE-2014-8182 is a vulnerability with a CVSS score of 7.5 (HIGH). An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with craf...
How severe is CVE-2014-8182?
CVE-2014-8182 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8182?
Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Debian Debian Linux.