Security #7465

ldap: bound of number of transactions is not fully enforced

Added by Philippe Antoine over 1 year ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Label:
CVE:
Git IDs:
Severity: MODERATE
Disclosure Date: 03/17/2025

Description

Found by oss-fuzz
https://issues.oss-fuzz.com/u/1/issues/383880390

No need to backport as only in 8

If a 1 Mbyte chunk is parsed in one go, we can create many transactions, and have quadratic complexity with find_request
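
The failure mode described above, as an added Rust sketch (not Suricata's code and not the fix that was applied). It assumes one way a bound can be missed: checking it once per parse call instead of before every insertion. `MAX_TX`, `State`, `parse_chunk` and the constructed list of message ids are hypothetical, and `find_request` is modeled as a plain linear scan.

```rust
// Added illustration; not Suricata code. MAX_TX, State and parse_chunk are hypothetical.
const MAX_TX: usize = 256;

#[derive(Default)]
struct State {
    txs: Vec<u32>,   // open transactions, keyed by message id
    scanned: u64,    // entries visited by find_request (work counter)
    rejected: usize, // requests refused because the bound was reached
}

impl State {
    // Linear scan, standing in for the lookup named in the report.
    fn find_request(&mut self, id: u32) -> Option<usize> {
        for (i, t) in self.txs.iter().enumerate() {
            self.scanned += 1;
            if *t == id { return Some(i); }
        }
        None
    }

    // Parse one chunk: each id is looked up, then opens a transaction if unknown.
    // per_message = false: bound checked once per chunk (assumed gap).
    // per_message = true: bound checked before every insertion.
    fn parse_chunk(&mut self, ids: &[u32], per_message: bool) {
        let room_at_entry = self.txs.len() < MAX_TX;
        for &id in ids {
            if self.find_request(id).is_some() { continue; }
            let allowed = if per_message { self.txs.len() < MAX_TX } else { room_at_entry };
            if allowed { self.txs.push(id); } else { self.rejected += 1; }
        }
    }
}

// Constructed input: n messages with distinct ids arriving in a single chunk.
fn run(n: u32, per_message: bool) -> State {
    let ids: Vec<u32> = (0..n).collect();
    let mut s = State::default();
    s.parse_chunk(&ids, per_message);
    s
}

fn main() {
    for per_message in [false, true] {
        let s = run(20_000, per_message);
        println!("per_message={} txs={} scanned={} rejected={}",
                 per_message, s.txs.len(), s.scanned, s.rejected);
    }
}
```

With the per-chunk check the scan count grows as n(n-1)/2; with the per-message check it is capped at `MAX_TX` entries per lookup.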

Updated by Philippe Antoine over 1 year ago (#1)

  • Status changed from New to In Review

Updated by Philippe Antoine about 1 year ago (#2)

  • Status changed from In Review to Closed

Updated by Juliana Fajardini Reichow 9 months ago (#3)

  • Private changed from Yes to No

Making public as per the disclosure date.
