Security vulnerabilities and automated fixes for ldap issues
2 posts found
A high-severity LDAP injection vulnerability was discovered in the OpenSIPS H350 module, where the `ldap_rfc4515_escape()` function failed to escape the NUL byte (`\0`) — one of the special characters defined in RFC 4515. This gap meant that crafted SIP URI values could bypass the escaping logic and manipulate LDAP filter queries. The fix adds explicit NUL byte escaping and replaces potentially unsafe `strncpy` calls with `memcpy` to ensure correct buffer handling.
A critical buffer overflow vulnerability was discovered and patched in an LDAP module where the use of `sprintf` without bounds checking allowed attacker-controlled input to overflow a stack buffer during hex-escape processing. This type of vulnerability can lead to remote code execution, privilege escalation, or full system compromise, making it one of the most dangerous classes of bugs in systems programming. The fix replaces the unchecked `sprintf` call with a bounds-aware alternative, closin