OESA-2026-1425

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1425

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-1425.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-1425

Upstream

CVE-2026-22185

Published

2026-02-28T12:44:06Z

Modified

2026-02-28T13:01:43.294259Z

Summary

openldap security update

Details

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.

Security Fix(es):

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdbload. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdbload to crash, leading to a limited denial-of-service condition.(CVE-2026-22185)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:22.03-LTS-SP4 / openldap

Package

Name: openldap
Purl: pkg:rpm/openEuler/openldap&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.0-11.oe2203sp4

Ecosystem specific

{
    "src": [
        "openldap-2.6.0-11.oe2203sp4.src.rpm"
    ],
    "aarch64": [
        "openldap-2.6.0-11.oe2203sp4.aarch64.rpm",
        "openldap-clients-2.6.0-11.oe2203sp4.aarch64.rpm",
        "openldap-debuginfo-2.6.0-11.oe2203sp4.aarch64.rpm",
        "openldap-debugsource-2.6.0-11.oe2203sp4.aarch64.rpm",
        "openldap-devel-2.6.0-11.oe2203sp4.aarch64.rpm",
        "openldap-servers-2.6.0-11.oe2203sp4.aarch64.rpm"
    ],
    "x86_64": [
        "openldap-2.6.0-11.oe2203sp4.x86_64.rpm",
        "openldap-clients-2.6.0-11.oe2203sp4.x86_64.rpm",
        "openldap-debuginfo-2.6.0-11.oe2203sp4.x86_64.rpm",
        "openldap-debugsource-2.6.0-11.oe2203sp4.x86_64.rpm",
        "openldap-devel-2.6.0-11.oe2203sp4.x86_64.rpm",
        "openldap-servers-2.6.0-11.oe2203sp4.x86_64.rpm"
    ],
    "noarch": [
        "openldap-help-2.6.0-11.oe2203sp4.noarch.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1425.json"