CVE-2012-1164

low

Published 2012-06-29 · Modified 2026-04-29

CVSS v3

—

CVSS v2

2.6

VIR risk

2.6

Description

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-1164

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7143

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/49607

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/48372

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`2.4.31-1`
debian	bullseye	fixed	`2.4.31-1`
debian	forky	fixed	`2.4.31-1`
debian	sid	fixed	`2.4.31-1`
debian	trixie	fixed	`2.4.31-1`

Application impact

Vendor	Product	Versions
openldap	openldap	`{"endIncluding":"2.4.29"}`
openldap	openldap	`2.4.6`
openldap	openldap	`2.4.7`
openldap	openldap	`2.4.8`
openldap	openldap	`2.4.9`
openldap	openldap	`2.4.10`
openldap	openldap	`2.4.11`
openldap	openldap	`2.4.12`
openldap	openldap	`2.4.13`
openldap	openldap	`2.4.14`
openldap	openldap	`2.4.15`
openldap	openldap	`2.4.16`
openldap	openldap	`2.4.17`
openldap	openldap	`2.4.18`
openldap	openldap	`2.4.19`
openldap	openldap	`2.4.20`
openldap	openldap	`2.4.21`
openldap	openldap	`2.4.22`
openldap	openldap	`2.4.23`
openldap	openldap	`2.4.24`
openldap	openldap	`2.4.25`
openldap	openldap	`2.4.26`
openldap	openldap	`2.4.27`
openldap	openldap	`2.4.28`

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.