Updated: 2022-10-06 20:49:33.164629
Description:
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.5 |
| CVSS Version 3.x | CRITICAL | 9.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | openldap | 2.4.40 | 9.8 | CRITICAL | Released | CLSA-2022:1652986174 | 2022-05-26 16:03:25 |
| CentOS 7 ELS | openldap | 2.4.44 | 9.8 | CRITICAL | In Testing | 2023-09-21 11:07:53 | |
| CentOS 8.4 ELS | openldap | 2.4.46-17 | 9.8 | CRITICAL | Released | CLSA-2022:1652987203 | 2022-05-12 22:31:28 |
| CentOS 8.5 ELS | openldap | 2.4.46-18 | 9.8 | CRITICAL | Released | CLSA-2022:1653329612 | 2022-05-23 16:30:15 |
| CloudLinux 6 ELS | openldap | 2.4.40 | 9.8 | CRITICAL | Released | CLSA-2022:1652986681 | 2022-05-26 16:03:24 |
| Oracle Linux 6 ELS | openldap | 2.4.40 | 9.8 | CRITICAL | Released | CLSA-2022:1652986513 | 2022-05-12 22:31:27 |
| Ubuntu 16.04 ELS | openldap | 2.4.42 | 9.8 | CRITICAL | Released | CLSA-2022:1652986454 | 2022-05-12 22:31:24 |
| Ubuntu 18.04 ELS | openldap | 2.4.45 | 9.8 | CRITICAL | Already Fixed | 2023-04-28 08:48:25 |