CNNVD-202510-1398 Information
CNNVD ID
CNNVD-202510-1398
Related CVE
- CNNVD Published: 2025-10-10
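Description (translated from Chinese)
python-ldap is an LDAP client API for Python from the Python Foundation. Versions of python-ldap before 3.4.5 contain a security vulnerability caused by the ldap.dn.escape_dn_chars function incorrectly escaping \x00, which may lead to a client-side denial of service.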
Description (English)
python-ldap is an LDAP client API for Python from the Python Foundation. Versions of python-ldap before 3.4.5 contain a security vulnerability that originates from the ldap.dn.escape_dn_chars function incorrectly escaping \x00, which could lead to a client-side denial of service.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Python
Published
2025-10-10
Last Modified
2026-02-24
References
https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5
https://github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6
https://vigilance.fr/vulnerability/python-ldap-ingress-filtrering-bypass-via-escape-dn-chars-48530
https://access.redhat.com/security/cve/cve-2025-61912
Patch
https://github.com/python-ldap/python-ldap/releases