Heap-based buffer overflow in OpenLDAP's UTF8StringNormalize function allows for denial of service (slapd crash) via zero-length string input

Heap-based buffer overflow in OpenLDAP's UTF8StringNormalize function allows for denial of service (slapd crash) via zero-length string input

CVE-2011-4079 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:N/A:P

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.

Learn more about our Web Application Penetration Testing UK.