{
  "threat_severity" : "Low",
  "public_date" : "2014-07-21T00:00:00Z",
  "bugzilla" : {
    "description" : "openldap: crash in ldap_domain2hostlist when processing SRV records",
    "id" : "1095976",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1095976"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.7",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "details" : [ "An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.", "An off-by-one error leading to a crash was discovered in openldap's processing of DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses." ],
  "acknowledgement" : "This issue was discovered by Matt Rogers (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-22T00:00:00Z",
    "advisory" : "RHBA-2015:1292",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "openldap-0:2.4.40-5.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2131",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "openldap-0:2.4.40-8.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "openldap",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-8182\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8182" ],
  "name" : "CVE-2014-8182",
  "csaw" : false
}