Extended Lifecycle Support CVE dashboard by TuxCare

CVE-2022-29155

Updated: 2022-06-09 17:10:57.566642

Description:

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.



Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.5 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| CentOS 6 ELS | openldap | 2.4.40 | Released | CLSA-2022:1652986174 | 2022-05-26 16:03:25.245019 |
| CentOS 8.4 ELS | openldap | 2.4.46-17 | Released | CLSA-2022:1652987203 | 2022-05-12 22:31:28.186883 |
| CentOS 8.5 ELS | openldap | 2.4.46-18 | Released | CLSA-2022:1653329612 | 2022-05-23 16:30:15.909678 |
| CloudLinux 6 ELS | openldap | 2.4.40 | Released | CLSA-2022:1652986681 | 2022-05-26 16:03:24.908635 |
| Oracle Linux 6 ELS | openldap | 2.4.40 | Released | CLSA-2022:1652986513 | 2022-05-12 22:31:27.299884 |
| Ubuntu 16.04 ELS | openldap | 2.4.42+dfsg-2ubuntu3.13 | Released | CLSA-2022:1652986454 | 2022-05-12 22:31:24.160732 |