{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"openldap security update", "category":"general", "title":"Synopsis" }, { "text":"An update for openldap is now available for openEuler-20.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.\n\nSecurity Fix(es):\n\nOpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.(CVE-2026-22185)", "category":"general", "title":"Description" }, { "text":"An update for openldap is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"openldap", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1335", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1335" }, { "summary":"CVE-2026-22185", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-22185&packageName=openldap" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22185" }, { "summary":"openEuler-SA-2026-1335 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1335.json" } ], "title":"An update for openldap is now available for openEuler-20.03-LTS-SP4", "tracking":{ "initial_release_date":"2026-02-14T15:28:29+08:00", "revision_history":[ { "date":"2026-02-14T15:28:29+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-02-14T15:28:29+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-02-14T15:28:29+08:00", "id":"openEuler-SA-2026-1335", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-help-2.4.50-10.oe2003sp4.noarch.rpm", "name":"openldap-help-2.4.50-10.oe2003sp4.noarch.rpm" }, "name":"openldap-help-2.4.50-10.oe2003sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-2.4.50-10.oe2003sp4.aarch64.rpm", "name":"openldap-2.4.50-10.oe2003sp4.aarch64.rpm" }, "name":"openldap-2.4.50-10.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-clients-2.4.50-10.oe2003sp4.aarch64.rpm", "name":"openldap-clients-2.4.50-10.oe2003sp4.aarch64.rpm" }, "name":"openldap-clients-2.4.50-10.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-debuginfo-2.4.50-10.oe2003sp4.aarch64.rpm", "name":"openldap-debuginfo-2.4.50-10.oe2003sp4.aarch64.rpm" }, "name":"openldap-debuginfo-2.4.50-10.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-debugsource-2.4.50-10.oe2003sp4.aarch64.rpm", "name":"openldap-debugsource-2.4.50-10.oe2003sp4.aarch64.rpm" }, "name":"openldap-debugsource-2.4.50-10.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-devel-2.4.50-10.oe2003sp4.aarch64.rpm", "name":"openldap-devel-2.4.50-10.oe2003sp4.aarch64.rpm" }, "name":"openldap-devel-2.4.50-10.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-servers-2.4.50-10.oe2003sp4.aarch64.rpm", "name":"openldap-servers-2.4.50-10.oe2003sp4.aarch64.rpm" }, "name":"openldap-servers-2.4.50-10.oe2003sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-2.4.50-10.oe2003sp4.src.rpm", "name":"openldap-2.4.50-10.oe2003sp4.src.rpm" }, "name":"openldap-2.4.50-10.oe2003sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-2.4.50-10.oe2003sp4.x86_64.rpm", "name":"openldap-2.4.50-10.oe2003sp4.x86_64.rpm" }, "name":"openldap-2.4.50-10.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-clients-2.4.50-10.oe2003sp4.x86_64.rpm", "name":"openldap-clients-2.4.50-10.oe2003sp4.x86_64.rpm" }, "name":"openldap-clients-2.4.50-10.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-debuginfo-2.4.50-10.oe2003sp4.x86_64.rpm", "name":"openldap-debuginfo-2.4.50-10.oe2003sp4.x86_64.rpm" }, "name":"openldap-debuginfo-2.4.50-10.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-debugsource-2.4.50-10.oe2003sp4.x86_64.rpm", "name":"openldap-debugsource-2.4.50-10.oe2003sp4.x86_64.rpm" }, "name":"openldap-debugsource-2.4.50-10.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-devel-2.4.50-10.oe2003sp4.x86_64.rpm", "name":"openldap-devel-2.4.50-10.oe2003sp4.x86_64.rpm" }, "name":"openldap-devel-2.4.50-10.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openldap-servers-2.4.50-10.oe2003sp4.x86_64.rpm", "name":"openldap-servers-2.4.50-10.oe2003sp4.x86_64.rpm" }, "name":"openldap-servers-2.4.50-10.oe2003sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-help-2.4.50-10.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-help-2.4.50-10.oe2003sp4.noarch", "name":"openldap-help-2.4.50-10.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-2.4.50-10.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.aarch64", "name":"openldap-2.4.50-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-clients-2.4.50-10.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-clients-2.4.50-10.oe2003sp4.aarch64", "name":"openldap-clients-2.4.50-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-debuginfo-2.4.50-10.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-debuginfo-2.4.50-10.oe2003sp4.aarch64", "name":"openldap-debuginfo-2.4.50-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-debugsource-2.4.50-10.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-debugsource-2.4.50-10.oe2003sp4.aarch64", "name":"openldap-debugsource-2.4.50-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-devel-2.4.50-10.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-devel-2.4.50-10.oe2003sp4.aarch64", "name":"openldap-devel-2.4.50-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-servers-2.4.50-10.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-servers-2.4.50-10.oe2003sp4.aarch64", "name":"openldap-servers-2.4.50-10.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-2.4.50-10.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.src", "name":"openldap-2.4.50-10.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-2.4.50-10.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.x86_64", "name":"openldap-2.4.50-10.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-clients-2.4.50-10.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-clients-2.4.50-10.oe2003sp4.x86_64", "name":"openldap-clients-2.4.50-10.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-debuginfo-2.4.50-10.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-debuginfo-2.4.50-10.oe2003sp4.x86_64", "name":"openldap-debuginfo-2.4.50-10.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-debugsource-2.4.50-10.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-debugsource-2.4.50-10.oe2003sp4.x86_64", "name":"openldap-debugsource-2.4.50-10.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-devel-2.4.50-10.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-devel-2.4.50-10.oe2003sp4.x86_64", "name":"openldap-devel-2.4.50-10.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"openldap-servers-2.4.50-10.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:openldap-servers-2.4.50-10.oe2003sp4.x86_64", "name":"openldap-servers-2.4.50-10.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-22185", "notes":[ { "text":"OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:openldap-help-2.4.50-10.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-clients-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-debuginfo-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-debugsource-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-devel-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-servers-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.src", "openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-clients-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-debuginfo-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-debugsource-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-devel-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-servers-2.4.50-10.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:openldap-help-2.4.50-10.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-clients-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-debuginfo-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-debugsource-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-devel-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-servers-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.src", "openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-clients-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-debuginfo-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-debugsource-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-devel-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-servers-2.4.50-10.oe2003sp4.x86_64" ], "details":"openldap security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1335" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.6, "vectorString":"CVSS:3.1/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:openldap-help-2.4.50-10.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-clients-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-debuginfo-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-debugsource-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-devel-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-servers-2.4.50-10.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.src", "openEuler-20.03-LTS-SP4:openldap-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-clients-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-debuginfo-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-debugsource-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-devel-2.4.50-10.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:openldap-servers-2.4.50-10.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-22185" } ] }