CVE-2021-46823

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-46823
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46823.json
Aliases
Related
Published
2022-06-18T16:15:08Z
Modified
2023-11-29T09:07:31.610582Z
Details

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

References

Affected packages

Git / github.com/python-ldap/python-ldap

Affected ranges

Type
GIT
Repo
https://github.com/python-ldap/python-ldap
Events
Introduced
0The exact introduced commit is unknown
Fixed
47975ee75c84748abfb8bb7456d5cc0a34cfce41

Affected versions

python-ldap-2.*

python-ldap-2.3.0
python-ldap-2.3.10
python-ldap-2.3.11
python-ldap-2.3.13
python-ldap-2.3.3
python-ldap-2.3.4
python-ldap-2.3.7
python-ldap-2.3.8
python-ldap-2.3.9
python-ldap-2.4.10
python-ldap-2.4.12
python-ldap-2.4.13
python-ldap-2.4.20
python-ldap-2.4.21
python-ldap-2.4.23
python-ldap-2.4.26
python-ldap-2.4.27
python-ldap-2.4.28
python-ldap-2.4.29
python-ldap-2.4.30
python-ldap-2.4.31
python-ldap-2.4.32
python-ldap-2.4.33
python-ldap-2.4.35
python-ldap-2.4.36
python-ldap-2.4.37
python-ldap-2.4.38
python-ldap-2.4.39
python-ldap-2.4.4
python-ldap-2.4.40
python-ldap-2.4.41
python-ldap-2.4.42
python-ldap-2.4.43
python-ldap-2.4.44
python-ldap-2.4.45
python-ldap-2.4.6
python-ldap-2.4.7
python-ldap-2.4.9
python-ldap-2.5.0
python-ldap-2.5.1

python-ldap-3.*

python-ldap-3.0.0
python-ldap-3.0.0b1
python-ldap-3.0.0b2
python-ldap-3.0.0b3
python-ldap-3.0.0b4
python-ldap-3.1.0
python-ldap-3.2.0
python-ldap-3.3.0