CVE - CVE-2007-5708

CVE-ID
CVE-2007-5708	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:26245 URL:http://www.securityfocus.com/bid/26245 MISC:27424 URL:http://secunia.com/advisories/27424 MISC:27683 URL:http://secunia.com/advisories/27683 MISC:27756 URL:http://secunia.com/advisories/27756 MISC:27868 URL:http://secunia.com/advisories/27868 MISC:29225 URL:http://secunia.com/advisories/29225 MISC:29461 URL:http://secunia.com/advisories/29461 MISC:29682 URL:http://secunia.com/advisories/29682 MISC:ADV-2007-3645 URL:~~http://www.vupen.com/english/advisories/2007/3645~~ (Obsolete source) MISC:DSA-1541 URL:http://www.debian.org/security/2008/dsa-1541 MISC:FEDORA-2007-741 URL:http://www.redhat.com/archives/fedora-package-announce/2007-November/msg00460.html MISC:GLSA-200803-28 URL:http://security.gentoo.org/glsa/glsa-200803-28.xml MISC:MDVSA-2008:058 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:058~~ (Obsolete source) MISC:SUSE-SR:2007:024 URL:http://www.novell.com/linux/security/advisories/2007_24_sr.html MISC:USN-551-1 URL:http://www.ubuntu.com/usn/usn-551-1 MISC:[openldap-announce] 20071026 OpenLDAP 2.3.39 available URL:http://www.openldap.org/lists/openldap-announce/200710/msg00001.html MISC:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163 URL:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163
Assigning CNA
Red Hat, Inc.
Date Record Created
20071030	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071030)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)