{"id":"USN-5424-2","summary":"openldap vulnerability","details":"USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n\nOriginal advisory details:\n\n It was discovered that OpenLDAP incorrectly handled certain SQL statements\n within LDAP queries in the experimental back-sql backend. A remote attacker\n could possibly use this issue to perform an SQL injection attack and alter\n the database.\n","modified":"2026-04-22T10:24:21.398668Z","published":"2022-05-19T14:39:17Z","related":["UBUNTU-CVE-2022-29155"],"upstream":["CVE-2022-29155","UBUNTU-CVE-2022-29155"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5424-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29155"}],"affected":[{"package":{"name":"openldap","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/openldap@2.4.31-1+nmu2ubuntu8.5+esm5?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.31-1+nmu2ubuntu8.5+esm5"}]}],"versions":["2.4.31-1+nmu2ubuntu3","2.4.31-1+nmu2ubuntu4","2.4.31-1+nmu2ubuntu5","2.4.31-1+nmu2ubuntu8","2.4.31-1+nmu2ubuntu8.1","2.4.31-1+nmu2ubuntu8.2","2.4.31-1+nmu2ubuntu8.3","2.4.31-1+nmu2ubuntu8.4","2.4.31-1+nmu2ubuntu8.5","2.4.31-1+nmu2ubuntu8.5+esm1","2.4.31-1+nmu2ubuntu8.5+esm2","2.4.31-1+nmu2ubuntu8.5+esm3","2.4.31-1+nmu2ubuntu8.5+esm4"],"ecosystem_specific":{"binaries":[{"binary_version":"2.4.31-1+nmu2ubuntu8.5+esm5","binary_name":"ldap-utils"},{"binary_version":"2.4.31-1+nmu2ubuntu8.5+esm5","binary_name":"libldap-2.4-2"},{"binary_version":"2.4.31-1+nmu2ubuntu8.5+esm5","binary_name":"slapd"},{"binary_version":"2.4.31-1+nmu2ubuntu8.5+esm5","binary_name":"slapd-smbk5pwd"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5424-2.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-29155"}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"openldap","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/openldap@2.4.42+dfsg-2ubuntu3.13+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.42+dfsg-2ubuntu3.13+esm1"}]}],"versions":["2.4.41+dfsg-1ubuntu2","2.4.41+dfsg-1ubuntu3","2.4.42+dfsg-2ubuntu1","2.4.42+dfsg-2ubuntu3","2.4.42+dfsg-2ubuntu3.1","2.4.42+dfsg-2ubuntu3.2","2.4.42+dfsg-2ubuntu3.3","2.4.42+dfsg-2ubuntu3.4","2.4.42+dfsg-2ubuntu3.5","2.4.42+dfsg-2ubuntu3.6","2.4.42+dfsg-2ubuntu3.7","2.4.42+dfsg-2ubuntu3.8","2.4.42+dfsg-2ubuntu3.9","2.4.42+dfsg-2ubuntu3.10","2.4.42+dfsg-2ubuntu3.11","2.4.42+dfsg-2ubuntu3.12","2.4.42+dfsg-2ubuntu3.13"],"ecosystem_specific":{"binaries":[{"binary_version":"2.4.42+dfsg-2ubuntu3.13+esm1","binary_name":"ldap-utils"},{"binary_version":"2.4.42+dfsg-2ubuntu3.13+esm1","binary_name":"libldap-2.4-2"},{"binary_version":"2.4.42+dfsg-2ubuntu3.13+esm1","binary_name":"slapd"},{"binary_version":"2.4.42+dfsg-2ubuntu3.13+esm1","binary_name":"slapd-smbk5pwd"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5424-2.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-29155"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}}],"schema_version":"1.7.5"}