CVE-2023-2953

CVE Details

Visit the official vulnerability details page for CVE-2023-2953 to learn more.

Initial Publication

01/20/2025

Last Update

09/02/2025

Third Party Dependency

libldap-2.5-0

NIST CVE Summary

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

CVE Severity

7.5

Our Official Summary

This is a high-severity vulnerability in OpenLDAP, not in libxml2. It involves a null pointer dereference in the ber_memalloc_x() function, which can lead to a denial-of-service (DoS) attack. This flaw arises when the function fails to handle memory allocation failures properly, potentially causing the application to crash when processing specially crafted LDAP requests.

The risk of exploitation is low for our products, as an attacker has to gain privileged access to the container and run code on the container to be able to exploit this. The probability of exploitation is very low. If a fix becomes available upstream, it will be adopted to fix this vulnerability.

Status

Ongoing

Affected Products & Versions

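| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---------|--------------------|---------------------------|--------|---------------|
| 4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |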

Revision History

| Date | Revision |
|------|----------|
| 05/29/2025 | Status changed from Open to Ongoing |
| 05/29/2025 | Official summary added |