CVE-2023-2953

Description

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

How to fix CVE-2023-2953

To remediate CVE-2023-2953, upgrade the affected package to a fixed version below.

• Bitnami/openldap—upgrade to 2.4.1 or later
• Debian/openldap—no fix listed

Is CVE-2023-2953 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• >= 2.4.0, < 2.4.1
• from 0

CVSS scores

References (11)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2023-2953
• WEBaccess.redhat.com/security/cve/CVE-2023-2953
• WEBbugs.openldap.org/show_bug.cgi?id=9904
• WEBseclists.org/fulldisclosure/2023/Jul/47
• WEB