CVE-2008-2952 — openldap - denial of service

Description

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.

How to fix CVE-2008-2952

To remediate CVE-2008-2952, upgrade the affected package to a fixed version below.

Debian/openldap—upgrade to 2.4.10-3 or later
Debian/openldap—upgrade to 2.4.10-2+lenny1 or later
Debian/openldap2.3—upgrade to 2.3.30-5+etch2 or later

Is CVE-2008-2952 being exploited?

Moderate — EPSS is 13.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

from 0, < 2.4.10-3
from 0, < 2.4.10-2+lenny1
from 0, < 2.3.30-5+etch2

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-2952