JLSEC-2026-166
PUBLISHED
CVSS 8.7 HIGH
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
Risk Scores
CVSS v4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | OpenLDAPClient_jll | |
| Julia | OpenLDAPClient_jll | 0, 0 |
Timeline
- Apr 21, 2026 CVE Published
- Apr 21, 2026 CVE Updated
- May 1, 2026 Distribution Patch
References
- http://seclists.org/fulldisclosure/2021/May/64
- http://seclists.org/fulldisclosure/2021/May/65
- http://seclists.org/fulldisclosure/2021/May/70
- https://bugs.openldap.org/show_bug.cgi?id=9409
- https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
- https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
- https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
- https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
- https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
- https://security.netapp.com/advisory/ntap-20210226-0002/
- https://support.apple.com/kb/HT212529
- https://support.apple.com/kb/HT212530
- https://support.apple.com/kb/HT212531
- https://www.debian.org/security/2021/dsa-4845