Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
Vulnerability Description
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.
CVSS Information
N/A
Vulnerability Type
对输出编码和转义不恰当
Vulnerability Title
python-ldap 安全漏洞
Vulnerability Description
python-ldap是python基金会的一个用于 Python 的 LDAP 客户端 API。 python-ldap 3.4.5之前版本存在安全漏洞,该漏洞源于ldap.dn.escape_dn_chars函数对x00转义不正确,可能导致客户端拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A