GMS-2021-11: ReDoS in LDAP schema parser
https://github.com/python-ldap/python-ldap/issues/424
Impact
The LDAP schema parser of python-ldap is vulnerable to a regular expression denial-of-service (ReDoS) attack. The issue affects clients that use the ldap.schema package to parse LDAP schema definitions from an untrusted source.
Patches
The upcoming release of python-ldap will contain a workaround to prevent ReDoS attacks: the schema parser refuses schema definitions that contain an excessive number of backslashes.
Workarounds
As a workaround, users can check schema input for an excessive number of backslashes before parsing it. More than a dozen backslashes per line are atypical for a legitimate schema definition.
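The following is an added example of the pre-check described above, not code from python-ldap itself. It counts backslashes per line and refuses any schema text in which a line exceeds a threshold; the threshold of 12 is taken from the advisory's "more than a dozen per line" guidance, and the function names and the sample schema lines are this example's own constructions. The accepted text can then be handed to the usual python-ldap entry points such as ldap.schema.SubSchema, which are deliberately not called here so the example runs without python-ldap installed.

```python
"""Pre-filter untrusted LDAP schema text before parsing it with ldap.schema.

Added example, not python-ldap's own code. It implements the advisory's
workaround: refuse schema definitions with an atypical number of
backslashes per line rather than feeding them to the regex-based parser.
"""

# Advisory guidance: more than a dozen backslashes per line is atypical.
MAX_BACKSLASHES_PER_LINE = 12


def backslash_counts(schema_text):
    """Return (line_number, backslash_count) pairs for every line, 1-based."""
    return [
        (number, line.count("\\"))
        for number, line in enumerate(schema_text.splitlines(), start=1)
    ]


def suspicious_lines(schema_text, limit=MAX_BASHSLASHES_PER_LINE if False else MAX_BACKSLASHES_PER_LINE):
    """Return the line numbers whose backslash count exceeds `limit`."""
    return [number for number, count in backslash_counts(schema_text) if count > limit]


def schema_is_acceptable(schema_text, limit=MAX_BACKSLASHES_PER_LINE):
    """True when no line of the schema text exceeds the backslash limit."""
    return not suspicious_lines(schema_text, limit)


def check_schema_text(schema_text, limit=MAX_BACKSLASHES_PER_LINE):
    """Raise ValueError for suspicious input; otherwise return the text unchanged.

    Call this on data from an untrusted source before passing it to
    ldap.schema (for example ldap.schema.SubSchema) so the parser's
    regular expressions never see the hostile input.
    """
    bad = suspicious_lines(schema_text, limit)
    if bad:
        raise ValueError(
            "schema definition refused: line(s) %s contain more than %d backslashes"
            % (", ".join(str(n) for n in bad), limit)
        )
    return schema_text


# Constructed sample input (not taken from any real directory server).
# A legitimate attributeType definition has no backslashes at all.
LEGITIMATE_SCHEMA = (
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common name' SUP name )\n"
    "( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )\n"
)

# A hostile definition pads a quoted string with thousands of backslashes,
# the kind of input that triggers pathological backtracking in the parser.
HOSTILE_SCHEMA = (
    "( 2.5.4.3 NAME 'cn' DESC '" + "\\" * 5000 + "' SUP name )\n"
)


if __name__ == "__main__":
    print("legitimate accepted:", schema_is_acceptable(LEGITIMATE_SCHEMA))
    print("hostile flagged on lines:", suspicious_lines(HOSTILE_SCHEMA))
    try:
        check_schema_text(HOSTILE_SCHEMA)
    except ValueError as exc:
        print("refused:", exc)
```

The check is linear in the input size, so it costs nothing measurable even for large subschema subentries, and it runs before any regular expression is applied. Lowering the limit is safe for most deployments; raising it only makes sense if a local schema legitimately contains long escaped strings.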
References
For more information
If you have any questions or comments about this advisory:
- Open an issue in the python-ldap tracker