CVE-2023-2953 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2023-2953?

CVE-2023-2953 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Q: How severe is CVE-2023-2953?

CVE-2023-2953 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-2953?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Redhat Enterprise Linux, Apple Macos, Netapp Active Iq Unified Manager, Netapp Clustered Data Ontap.

Vulnerability Description

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openldap	Openldap	2.4
Redhat	Enterprise Linux	8.0
Apple	Macos	>= 11.0, < 11.7.9
Netapp	Active Iq Unified Manager	-
Netapp	Clustered Data Ontap	-
Netapp	Ontap Tools	-
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-
Netapp	H410C Firmware	-
Netapp	H410C	-

Related Weaknesses (CWE)

CWE-476

References

http://seclists.org/fulldisclosure/2023/Jul/47Mailing List
http://seclists.org/fulldisclosure/2023/Jul/48Mailing List
http://seclists.org/fulldisclosure/2023/Jul/52Mailing List
https://access.redhat.com/security/cve/CVE-2023-2953Third Party Advisory
https://bugs.openldap.org/show_bug.cgi?id=9904Issue TrackingVendor Advisory
https://security.netapp.com/advisory/ntap-20230703-0005/Third Party Advisory
https://support.apple.com/kb/HT213843Third Party Advisory
https://support.apple.com/kb/HT213844Third Party Advisory
https://support.apple.com/kb/HT213845Third Party Advisory
http://seclists.org/fulldisclosure/2023/Jul/47Mailing List
http://seclists.org/fulldisclosure/2023/Jul/48Mailing List
http://seclists.org/fulldisclosure/2023/Jul/52Mailing List
https://access.redhat.com/security/cve/CVE-2023-2953Third Party Advisory
https://bugs.openldap.org/show_bug.cgi?id=9904Issue TrackingVendor Advisory
https://security.netapp.com/advisory/ntap-20230703-0005/Third Party Advisory

FAQ

What is CVE-2023-2953?

CVE-2023-2953 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

How severe is CVE-2023-2953?

CVE-2023-2953 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-2953?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Redhat Enterprise Linux, Apple Macos, Netapp Active Iq Unified Manager, Netapp Clustered Data Ontap.