CVE-2013-4449

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

Published: Feb 5, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-4449
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
openldap / openldap	2.4.17	2.4.17.x
openldap / openldap	2.4.6	2.4.6.x
openldap / openldap	2.4.11	2.4.11.x
openldap / openldap	2.4.8	2.4.8.x
openldap / openldap	2.4.26	2.4.26.x
openldap / openldap	2.4.31	2.4.31.x
openldap / openldap	2.4.9	2.4.9.x
openldap / openldap	2.4.16	2.4.16.x
openldap / openldap	2.4.29	2.4.29.x
openldap / openldap	2.4.32	2.4.32.x
openldap / openldap	2.4.22	2.4.22.x
openldap / openldap	2.4.25	2.4.25.x
openldap / openldap	2.4.20	2.4.20.x
openldap / openldap	2.4.15	2.4.15.x
openldap / openldap	-	2.4.36.x
openldap / openldap	2.4.18	2.4.18.x
openldap / openldap	2.4.27	2.4.27.x
openldap / openldap	2.4.7	2.4.7.x
openldap / openldap	2.4.28	2.4.28.x
openldap / openldap	2.4.23	2.4.23.x
openldap / openldap	2.4.24	2.4.24.x
openldap / openldap	2.4.34	2.4.34.x
openldap / openldap	2.4.14	2.4.14.x
openldap / openldap	2.4.19	2.4.19.x
openldap / openldap	2.4.12	2.4.12.x
openldap / openldap	2.4.21	2.4.21.x
openldap / openldap	2.4.30	2.4.30.x
openldap / openldap	2.4.13	2.4.13.x
openldap / openldap	2.4.10	2.4.10.x
openldap / openldap	2.4.35	2.4.35.x
openldap / openldap	2.4.33	2.4.33.x

Vulnerability Database

289,599

CVE-2013-4449