CVE-2015-1827

NameCVE-2015-1827
DescriptionThe get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freeipa (PTS)buster (security), buster, buster (lts)4.7.2-3+deb10u1fixed
bookworm4.9.11-1fixed
sid4.12.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freeipasource(unstable)(not affected)

Notes

- freeipa <not-affected> (Only affects 4.1, see bug #781224)
https://fedorahosted.org/freeipa/ticket/4908

Search for package or bug name: Reporting problems