Project

General

Profile

Actions

Security #7465

closed

ldap: bound of number of transactions is not fully enforced

Added by Philippe Antoine 7 months ago. Updated 3 days ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Label:
CVE:
Git IDs:
Severity:
MODERATE
Disclosure Date:
03/17/2025

Description

Found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/383880390

No need to backport as only in 8

If a 1 Mbyte chunk is parsed in one go, we can create many transactions, and have quadratic complexity with find_request

Actions #1

Updated by Philippe Antoine 7 months ago

  • Status changed from New to In Review
Actions #2

Updated by Philippe Antoine 6 months ago

  • Status changed from In Review to Closed
Actions #3

Updated by Juliana Fajardini Reichow 3 days ago

  • Private changed from Yes to No

Making public as per the disclosure date.

Actions

Also available in: Atom PDF