CVE-2021-46823
Published: 18 June 2022
Summary
CVE-2021-46823 is a medium-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in Python-Ldap Python-Ldap. Its CVSS base score is 6.5 (Medium).
Operationally, ranked at the 40.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-6131
Vulnerability details
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote…
more
authenticated attacker could exploit this vulnerability to cause a denial of service condition.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.