What is the impact of CVE-2007-6698?

CVE-2007-6698 can cause the OpenLDAP slapd daemon to crash during a modify operation with NOOP control.

Which versions of OpenLDAP are affected by CVE-2007-6698?

CVE-2007-6698 affects OpenLDAP versions up to and including 2.3.35.

How can I mitigate the issue related to CVE-2007-6698?

To mitigate CVE-2007-6698, you should update OpenLDAP to a patched version that addresses this vulnerability.

What types of operations trigger the vulnerability in CVE-2007-6698?

The vulnerability in CVE-2007-6698 is triggered by a modify operation using the NOOP control.

Is there a known fix for CVE-2007-6698?

Yes, a patch for CVE-2007-6698 is available and should be applied to affected systems.

Vulnerability/
CVE-2007-6698

medium

CWE

399 415

1/2/2008

7/8/2024

CVE-2007-6698: Double Free

First published: Fri Feb 01 2008(Updated: )

It was discovered that modify operation with NOOP control on an entry stored in BDB backed can cause OpenLDAP's slapd daemon to crash. Further details and patch can be found in upstream bug / CVS: <a href="http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4925">http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4925</a> <a href="http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modify.c.diff?r1=1.124.2.16&r2=1.124.2.17&f=h">http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-bdb/modify.c.diff?r1=1.124.2.16&r2=1.124.2.17&f=h</a> NOOP control was introduced in OpenLDAP 2.1 branch as documented on roadmap page: <a href="http://www.openldap.org/software/roadmap.html">http://www.openldap.org/software/roadmap.html</a> This issue was fixed upstream in version 2.3.36: <a href="http://www.openldap.org/devel/cvsweb.cgi/~checkout~/Attic/CHANGES?rev=1.5.8.414">http://www.openldap.org/devel/cvsweb.cgi/~checkout~/Attic/CHANGES?rev=1.5.8.414</a>

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Red Hat OpenLDAP Servers	<=2.3.35

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the impact of CVE-2007-6698?
CVE-2007-6698 can cause the OpenLDAP slapd daemon to crash during a modify operation with NOOP control.
Which versions of OpenLDAP are affected by CVE-2007-6698?
CVE-2007-6698 affects OpenLDAP versions up to and including 2.3.35.
How can I mitigate the issue related to CVE-2007-6698?
To mitigate CVE-2007-6698, you should update OpenLDAP to a patched version that addresses this vulnerability.
What types of operations trigger the vulnerability in CVE-2007-6698?
The vulnerability in CVE-2007-6698 is triggered by a modify operation using the NOOP control.
Is there a known fix for CVE-2007-6698?
Yes, a patch for CVE-2007-6698 is available and should be applied to affected systems.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2007-6698
agent/author
agent/references
agent/last-modified-date
agent/weakness
agent/severity
agent/event
agent/description
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/openldap
canonical/red hat openldap servers
version/red hat openldap servers/2.3.35