CVE-2021-46823

Denial of Service in python-ldap in pypi/python-ldap

Identifiers

GHSA-qfr5-wjpw-q4c4, CVE-2021-46823

Package Slug

pypi/python-ldap

Vulnerability

Denial of Service in python-ldap

Description

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.

Affected Versions

All versions before 3.4.0

Solution

Upgrade to version 3.4.0 or above.

Last Modified

2022-06-21

source