CVE-2022-29155
Updated: 2022-06-09 17:10:57.566642
Description:
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | HIGH | 7.5 |
CVSS Version 3.x | CRITICAL | 9.8 |
Status
OS name | Project name | Version | Status | Errata | Last updated |
---|---|---|---|---|---|
CentOS 6 ELS | openldap | 2.4.40 | Released | CLSA-2022:1652986174 | 2022-05-26 16:03:25.245019 |
CentOS 8.4 ELS | openldap | 2.4.46-17 | Released | CLSA-2022:1652987203 | 2022-05-12 22:31:28.186883 |
CentOS 8.5 ELS | openldap | 2.4.46-18 | Released | CLSA-2022:1653329612 | 2022-05-23 16:30:15.909678 |
CloudLinux 6 ELS | openldap | 2.4.40 | Released | CLSA-2022:1652986681 | 2022-05-26 16:03:24.908635 |
Oracle Linux 6 ELS | openldap | 2.4.40 | Released | CLSA-2022:1652986513 | 2022-05-12 22:31:27.299884 |
Ubuntu 16.04 ELS | openldap | 2.4.42+dfsg-2ubuntu3.13 | Released | CLSA-2022:1652986454 | 2022-05-12 22:31:24.160732 |