CVE-2023-2953: Null Pointer Dereference
First published: Mon May 29 2023(Updated: )
A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function.
Credit: secalert@redhat.com secalert@redhat.com Sandipan Roy Sandipan Roy Sandipan Roy secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Big Sur | <11.7.9 | 11.7.9 |
| Apple macOS Ventura | <13.5 | 13.5 |
| Apple macOS Monterey | <12.6.8 | 12.6.8 |
| ubuntu/openldap | <2.4.45+dfsg-1ubuntu1.11+ | 2.4.45+dfsg-1ubuntu1.11+ |
| ubuntu/openldap | <2.4.49+dfsg-2ubuntu1.10 | 2.4.49+dfsg-2ubuntu1.10 |
| ubuntu/openldap | <2.5.16+dfsg-0ubuntu0.22.04.2 | 2.5.16+dfsg-0ubuntu0.22.04.2 |
| ubuntu/openldap | <2.4.31-1+ | 2.4.31-1+ |
| ubuntu/openldap | <2.6.4 | 2.6.4 |
| ubuntu/openldap | <2.4.42+dfsg-2ubuntu3.13+ | 2.4.42+dfsg-2ubuntu3.13+ |
| debian/openldap | <=2.4.47+dfsg-3+deb10u7<=2.4.57+dfsg-3+deb11u1<=2.5.13+dfsg-5 | 2.5.17+dfsg-1 |
| Openldap Openldap | =2.4 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Apple macOS | >=11.0<11.7.9 | |
| Apple macOS | >=12.0<12.6.8 | |
| Apple macOS | >=13.0<13.5 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| NetApp Clustered Data ONTAP | ||
| Netapp Ontap Tools Vmware Vsphere | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.openldap.org/show_bug.cgi?id=9904
- https://access.redhat.com/security/cve/CVE-2023-2953
- https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953
- https://bugzilla.redhat.com/show_bug.cgi?id=2210651
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2210652
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2210653
- http://seclists.org/fulldisclosure/2023/Jul/47
- http://seclists.org/fulldisclosure/2023/Jul/48
- http://seclists.org/fulldisclosure/2023/Jul/52
- https://security.netapp.com/advisory/ntap-20230703-0005/
- https://support.apple.com/kb/HT213843
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- https://support.apple.com/en-us/HT213845 (Advisory)
- https://support.apple.com/en-us/HT213843 (Advisory)
- https://support.apple.com/en-us/HT213844 (Advisory)
- https://launchpad.net/bugs/cve/CVE-2023-2953
- https://git.openldap.org/openldap/openldap/-/commit/ea8dd2d279c5aeaf9d4672a4e95bebd99babcce1
- https://git.openldap.org/openldap/openldap/-/commit/3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915
- https://git.openldap.org/openldap/openldap/-/commit/c5c8c06a8bd52ea7b843e7d8ca961a7d1800ce5f
- https://git.openldap.org/openldap/openldap/-/commit/840944e26f734bb03d925f26c4ef11a6cedcbb9c
- https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
- https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b
- https://security-tracker.debian.org/tracker/CVE-2023-2953
- https://ubuntu.com/security/notices/USN-6197-1
- https://ubuntu.com/security/notices/USN-6616-1
- https://www.cve.org/CVERecord?id=CVE-2023-2953
- https://nvd.nist.gov/vuln/detail/CVE-2023-2953
- https://ubuntu.com/security/CVE-2023-2953
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40442
- CVE-2023-34425
- CVE-2023-32364
- CVE-2023-35983
- CVE-2023-40392
- CVE-2023-34241
- CVE-2023-28319
- CVE-2023-28320
- CVE-2023-28321
- CVE-2023-28322
- CVE-2023-41990
- CVE-2023-36854
- CVE-2023-32418
- CVE-2023-32381
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-38603
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-37285
- CVE-2023-38604
- CVE-2023-38606
- CVE-2023-32441
- CVE-2023-38565
- CVE-2023-38593
- CVE-2023-38571
- CVE-2023-29491
- CVE-2023-38601
- CVE-2023-32444
- CVE-2023-2953
- CVE-2023-42829
- CVE-2023-38259
- CVE-2023-38602
- CVE-2023-42831
- CVE-2023-32443
- CVE-2023-42832
- CVE-2023-32422
- CVE-2023-32429
- CVE-2023-1801
- CVE-2023-2426
- CVE-2023-2609
- CVE-2023-2610
- CVE-2023-40439
- CVE-2023-38616
- CVE-2023-38580
- CVE-2023-36862
- CVE-2023-42828
- CVE-2023-32416
- CVE-2023-40437
- CVE-2022-3970
- CVE-2023-28200
- CVE-2023-36495
- CVE-2023-32734
- CVE-2023-38261
- CVE-2023-38424
- CVE-2023-38425
- CVE-2023-38410
- CVE-2023-40440
- CVE-2023-38258
- CVE-2023-38421
- CVE-2023-1916
- CVE-2023-38609
- CVE-2023-38564
- CVE-2023-32442
- CVE-2023-32654
- CVE-2023-38608
- CVE-2023-38605
- CVE-2023-40397
- CVE-2023-38572
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-38592
- CVE-2023-38594
- CVE-2023-38595
- CVE-2023-38600
- CVE-2023-38611
- CVE-2023-37450
- CVE-2023-42866
- CVE-2023-38597
- CVE-2023-38133
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2023-2953.
What is the severity level of CVE-2023-2953?
The severity level of CVE-2023-2953 is high (7).
What is the affected software?
The affected software includes OpenLDAP version 2.4, Redhat Enterprise Linux versions 8.0 and 9.0, Apple macOS versions 11.0 to 11.7.9, Apple macOS versions 12.0 to 12.6.8, and Apple macOS versions 13.0 to 13.5.
What is the vulnerability description?
The vulnerability causes a null pointer dereference in the ber_memalloc_x() function of OpenLDAP.
How can I mitigate this vulnerability?
To mitigate this vulnerability, apply the patches provided by the respective vendors or upgrade to a non-vulnerable version of the affected software.
- collector/nvd-latest
- collector/redhat-cve
- collector/redhat-bugzilla
- alias/CVE-2023-2953
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup-request
- agent/software-canonical-lookup
- agent/weakness
- agent/description
- collector/launchpad-cve
- source/Launchpad
- agent/event
- agent/author
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- vendor/apple
- canonical/apple macos big sur
- canonical/apple macos ventura
- canonical/apple macos monterey
- package-manager/ubuntu
- package-manager/debian
- vendor/openldap
- canonical/openldap openldap
- version/openldap openldap/2.4
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- canonical/apple macos
- version/apple macos/11.0
- version/apple macos/12.0
- version/apple macos/13.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp clustered data ontap
- canonical/netapp ontap tools vmware vsphere
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c