DescriptionA vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1036995

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openldap (PTS)jessie, jessie (lts)2.4.40+dfsg-1+deb8u11vulnerable
stretch (security), stretch (lts), stretch2.4.44+dfsg-5+deb9u9vulnerable
buster, buster (security)2.4.47+dfsg-3+deb10u7vulnerable
bullseye (security), bullseye2.4.57+dfsg-3+deb11u1vulnerable
sid, trixie, bookworm2.5.13+dfsg-5vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[bookworm] - openldap <no-dsa> (Minor issue)
[bullseye] - openldap <no-dsa> (Minor issue)
[buster] - openldap <no-dsa> (Minor issue) (master) (master) (OPENLDAP_REL_ENG_2_6_4) (OPENLDAP_REL_ENG_2_6_4) (OPENLDAP_REL_ENG_2_5_14) (OPENLDAP_REL_ENG_2_5_14)
[stretch] - openldap <no-dsa> (Minor issue)
[jessie] - openldap <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems