The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.01816
Percentile: 0.82056

CVSS Scoring

Mapped CWE(s)

• CWE-824 : Access of Uninitialized Pointer

Affected Products

• cpe:2.3:a:sun:java_system_directory_server:5.2:*:*:*:*:*:*:*
• cpe:2.3:a:sun:one_directory_server:5.1:*:*:*:*:*:*:*
• cpe:2.3:a:sun:one_directory_server:5.2:*:*:*:*:*:*:*

← Back to Home