Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values,
as demonstrated by the PROTOS LDAPv3 test suite.
Note:References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.