CVE-2010-0212

N/A Unknown

Published: July 28, 2010 Modified: April 29, 2026

Description

OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: cret@cert.org

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

Source: cret@cert.org

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Source: cret@cert.org

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Source: cret@cert.org

http://secunia.com/advisories/40639

Source: cret@cert.org

Vendor Advisory

http://secunia.com/advisories/40687

Source: cret@cert.org

Vendor Advisory

http://secunia.com/advisories/42787

Source: cret@cert.org

http://security.gentoo.org/glsa/glsa-201406-36.xml

Source: cret@cert.org

http://support.apple.com/kb/HT4435

Source: cret@cert.org

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570

Source: cret@cert.org

Exploit

http://www.redhat.com/support/errata/RHSA-2010-0542.html

Source: cret@cert.org

http://www.securityfocus.com/archive/1/515545/100/0/threaded

Source: cret@cert.org

http://www.securityfocus.com/bid/41770

Source: cret@cert.org

Exploit Patch

http://www.securitytracker.com/id?1024221

Source: cret@cert.org

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

Source: cret@cert.org

http://www.vupen.com/english/advisories/2010/1849

Source: cret@cert.org

Patch Vendor Advisory

http://www.vupen.com/english/advisories/2010/1858

Source: cret@cert.org

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0025

Source: cret@cert.org

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: af854a3a-2127-422b-91ae-364da2661108

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40639

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/40687

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/42787

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201406-36.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4435

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=6570

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.redhat.com/support/errata/RHSA-2010-0542.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/515545/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/41770

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

http://www.securitytracker.com/id?1024221

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1849

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.vupen.com/english/advisories/2010/1858

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0025

Source: af854a3a-2127-422b-91ae-364da2661108

36 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

66.9%

99th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

openldap

Related CVEs

CVE-2026-8108 7.8

CVE-2026-5371 7.1

CVE-2026-44548 8.1

CVE-2026-44547 9.6

CVE-2026-44352 N/A