CVE-2023-2953

7.5 HIGH

📋 TL;DR

This vulnerability in OpenLDAP causes a null pointer dereference in the ber_memalloc_x() function, which can lead to denial of service (DoS) by crashing the LDAP service. Any system running vulnerable versions of OpenLDAP is affected, particularly LDAP servers and clients using the affected library.

💻 Affected Systems

Products:
  • OpenLDAP
Versions: OpenLDAP 2.4.0 through 2.6.3
Operating Systems: Linux, Unix, BSD variants
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using the vulnerable library functions are affected. The vulnerability is triggered through specific BER (Basic Encoding Rules) processing.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete LDAP service crash leading to denial of service, potentially disrupting authentication and directory services across an organization.

🟠 Likely Case

Service crash requiring manual restart, causing temporary authentication and directory lookup failures.

🟢 If Mitigated

Limited impact with proper monitoring and automated restart mechanisms in place.

🌐 Internet-Facing: MEDIUM - Internet-facing LDAP servers could be targeted for DoS attacks, but exploitation requires specific conditions.
🏢 Internal Only: MEDIUM - Internal LDAP servers could be crashed, disrupting internal authentication and directory services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted LDAP packets to trigger the null pointer dereference. Public proof-of-concept code exists in the disclosure references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenLDAP 2.6.4 and later

Vendor Advisory: https://bugs.openldap.org/show_bug.cgi?id=9904

Restart Required: Yes

Instructions:

1. Download OpenLDAP 2.6.4 or later from openldap.org.
2. Stop the LDAP service.
3. Install the updated version.
4. Restart the LDAP service.
5. Verify the service is running correctly.

🔧 Temporary Workarounds

Network filtering (linux)

Block or filter malicious LDAP packets at the network perimeter. The string below is a placeholder, not a signature: this page publishes no byte pattern for the crafted BER, so substitute a pattern from your own traffic analysis or IDS vendor before deploying the rule.

iptables -A INPUT -p tcp --dport 389 -m string --string "malicious_pattern" --algo bm -j DROP

Rate limiting (linux)

Limit the rate of new LDAP connections to reduce DoS impact. The ACCEPT rule only has an effect when it is followed by a rule that drops connections exceeding the limit; matching on new connections (conntrack state NEW) keeps established sessions from being throttled.

iptables -A INPUT -p tcp --dport 389 -m conntrack --ctstate NEW -m limit --limit 10/min --limit-burst 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 389 -m conntrack --ctstate NEW -j DROP

🧯 If You Can't Patch

  • Implement network segmentation to isolate LDAP servers from untrusted networks
  • Deploy monitoring and automated restart scripts to minimize service disruption

🔍 How to Verify

Check if Vulnerable:

Check OpenLDAP version with: slapd -V 2>&1 | grep '^@'

Check Version:

slapd -V 2>&1 | head -5

Verify Fix Applied:

Verify the version is 2.6.4 or higher (the pattern also accepts two-digit patch releases such as 2.6.10, which a pattern like '2.6.[4-9]' would miss): slapd -V 2>&1 | grep -E 'slapd 2\.6\.([4-9]|[1-9][0-9])|slapd 2\.([7-9]|[1-9][0-9])\.'
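An added example, not part of this advisory: a POSIX shell check that parses the banner printed by slapd -V and compares the version component by component against the fixed release (2.6.4), so that two-digit patch numbers such as 2.6.10 are handled correctly. The banners are constructed samples, and the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): parse the banner that "slapd -V" prints
# and decide whether the build is at or above the fixed release (2.6.4).
# The banners used below are constructed; on a real host pass in: slapd -V 2>&1
FIXED_VERSION="2.6.4"

# Print "major.minor.patch" from a banner such as
# "@(#) $OpenLDAP: slapd 2.6.3 (Jun  1 2023 10:00:00) $"; print nothing if absent.
extract_slapd_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*slapd \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Numeric, component-wise comparison: returns 0 when $1 >= $2, else 1.
# A plain regex such as '2.6.[4-9]' misses 2.6.10 and later; this does not.
version_ge() {
    IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
    if [ "${a1:-0}" -ne "${b1:-0}" ]; then [ "${a1:-0}" -gt "${b1:-0}" ]; return
    elif [ "${a2:-0}" -ne "${b2:-0}" ]; then [ "${a2:-0}" -gt "${b2:-0}" ]; return
    else [ "${a3:-0}" -ge "${b3:-0}" ]; return
    fi
}

# 0 = at or above 2.6.4, 1 = below the fixed release, 2 = no version found in the banner.
slapd_is_fixed() {
    v=$(extract_slapd_version "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$FIXED_VERSION"
}

# Stand-alone run over constructed banners, then over the local slapd if one is installed.
for banner in \
    '@(#) $OpenLDAP: slapd 2.6.3 (Jun  1 2023 10:00:00) $' \
    '@(#) $OpenLDAP: slapd 2.6.10 (Jan  1 2024 10:00:00) $'; do
    if slapd_is_fixed "$banner"; then echo "fixed:      $banner"; else echo "vulnerable: $banner"; fi
done
if command -v slapd >/dev/null 2>&1; then
    if slapd_is_fixed "$(slapd -V 2>&1)"; then echo "local slapd: fixed"; else echo "local slapd: check version"; fi
fi
```

Distribution packages sometimes backport the fix without changing the upstream version string, so a "vulnerable" result from the version alone should be confirmed against the package changelog.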

📡 Detection & Monitoring

Log Indicators:

  • LDAP service crash logs
  • Segmentation fault errors in system logs
  • Unexpected slapd process termination

Network Indicators:

  • Unusual LDAP packet patterns
  • Multiple connection attempts to LDAP port 389

SIEM Query:

source="ldap.log" AND ("segmentation fault" OR "null pointer" OR "crash")
