CVE-2023-2953: Null Pointer Dereference
First published: Mon May 29 2023(Updated: )
A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function.
Credit: secalert@redhat.com secalert@redhat.com Sandipan Roy Sandipan Roy Sandipan Roy secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openldap | <=2.4.57+dfsg-3+deb11u1<=2.5.13+dfsg-5 | 2.5.18+dfsg-3 |
| Apple macOS | <11.7.9 | 11.7.9 |
| macOS | <12.6.8 | 12.6.8 |
| macOS Ventura | <13.5 | 13.5 |
| Red Hat OpenLDAP Servers | =2.4 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| macOS | >=11.0<11.7.9 | |
| macOS | >=12.0<12.6.8 | |
| macOS | >=13.0<13.5 | |
| NetApp Active IQ Unified Manager for VMware vSphere | ||
| IBM Data ONTAP | ||
| NetApp ONTAP Tools for VMware vSphere | ||
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| All of | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700S | ||
| NetApp H700S | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| NetApp H410C | ||
| NetApp H410C Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.openldap.org/show_bug.cgi?id=9904
- https://access.redhat.com/security/cve/CVE-2023-2953
- https://www.cve.org/CVERecord?id=CVE-2023-2953 https://nvd.nist.gov/vuln/detail/CVE-2023-2953
- https://bugzilla.redhat.com/show_bug.cgi?id=2210651
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2210652
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2210653
- https://support.apple.com/en-us/HT213844 (Advisory)
- https://security.netapp.com/advisory/ntap-20230703-0005/
- https://support.apple.com/kb/HT213843
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- http://seclists.org/fulldisclosure/2023/Jul/47
- http://seclists.org/fulldisclosure/2023/Jul/48
- http://seclists.org/fulldisclosure/2023/Jul/52
- https://launchpad.net/bugs/cve/CVE-2023-2953
- https://git.openldap.org/openldap/openldap/-/commit/ea8dd2d279c5aeaf9d4672a4e95bebd99babcce1
- https://git.openldap.org/openldap/openldap/-/commit/3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915
- https://git.openldap.org/openldap/openldap/-/commit/c5c8c06a8bd52ea7b843e7d8ca961a7d1800ce5f
- https://git.openldap.org/openldap/openldap/-/commit/840944e26f734bb03d925f26c4ef11a6cedcbb9c
- https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce
- https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b
- https://security-tracker.debian.org/tracker/CVE-2023-2953
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953
- https://nvd.nist.gov/vuln/detail/CVE-2023-2953
- https://ubuntu.com/security/CVE-2023-2953
- https://support.apple.com/en-us/HT213845 (Advisory)
- https://support.apple.com/en-us/HT213843 (Advisory)
- https://www.ibm.com/support/pages/node/7182403 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40442
- CVE-2023-34425
- CVE-2023-32364
- CVE-2023-35983
- CVE-2023-40392
- CVE-2023-34241
- CVE-2023-28319
- CVE-2023-28320
- CVE-2023-28321
- CVE-2023-28322
- CVE-2023-41990
- CVE-2023-36854
- CVE-2023-32418
- CVE-2023-32381
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-38603
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-37285
- CVE-2023-38604
- CVE-2023-38606
- CVE-2023-32441
- CVE-2023-38565
- CVE-2023-38593
- CVE-2023-38571
- CVE-2023-29491
- CVE-2023-38601
- CVE-2023-32444
- CVE-2023-2953
- CVE-2023-42829
- CVE-2023-38259
- CVE-2023-38602
- CVE-2023-42831
- CVE-2023-32443
- CVE-2023-42832
- CVE-2023-32422
- CVE-2023-32429
- CVE-2023-1801
- CVE-2023-2426
- CVE-2023-2609
- CVE-2023-2610
- CVE-2023-32416
- CVE-2023-36495
- CVE-2023-40440
- CVE-2023-38421
- CVE-2023-38258
- CVE-2023-1916
- CVE-2023-32442
- CVE-2023-38605
- CVE-2023-40439
- CVE-2023-38616
- CVE-2023-38580
- CVE-2023-36862
- CVE-2023-42828
- CVE-2023-40437
- CVE-2022-3970
- CVE-2023-28200
- CVE-2023-32734
- CVE-2023-38261
- CVE-2023-38424
- CVE-2023-38425
- CVE-2023-38410
- CVE-2023-38609
- CVE-2023-38564
- CVE-2023-32654
- CVE-2023-38608
- CVE-2023-40397
- CVE-2023-38572
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-38592
- CVE-2023-38594
- CVE-2023-38595
- CVE-2023-38600
- CVE-2023-38611
- CVE-2023-37450
- CVE-2023-42866
- CVE-2023-38597
- CVE-2023-38133
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2023-2953.
What is the severity level of CVE-2023-2953?
The severity level of CVE-2023-2953 is high (7).
What is the affected software?
The affected software includes OpenLDAP version 2.4, Redhat Enterprise Linux versions 8.0 and 9.0, Apple macOS versions 11.0 to 11.7.9, Apple macOS versions 12.0 to 12.6.8, and Apple macOS versions 13.0 to 13.5.
What is the vulnerability description?
The vulnerability causes a null pointer dereference in the ber_memalloc_x() function of OpenLDAP.
How can I mitigate this vulnerability?
To mitigate this vulnerability, apply the patches provided by the respective vendors or upgrade to a non-vulnerable version of the affected software.
- collector/nvd-latest
- collector/redhat-cve
- collector/redhat-bugzilla
- alias/CVE-2023-2953
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/remedy
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/trending
- collector/mitre-cve
- source/MITRE
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup-request
- agent/source
- agent/description
- collector/ibm-support
- source/IBM
- agent/references
- agent/last-modified-date
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- collector/nvd-index
- package-manager/debian
- vendor/apple
- canonical/apple macos
- canonical/macos
- canonical/macos ventura
- vendor/openldap
- canonical/red hat openldap servers
- version/red hat openldap servers/2.4
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- version/macos/11.0
- version/macos/12.0
- version/macos/13.0
- vendor/netapp
- canonical/netapp active iq unified manager for vmware vsphere
- canonical/ibm data ontap
- canonical/netapp ontap tools for vmware vsphere
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h410s
- canonical/netapp h410s firmware
- canonical/netapp h410c
- canonical/netapp h410c firmware