python-ldap, Client-Side Denial of Service, CVE-2024-5319 (Medium)


The vulnerability exists in the `ldap.dn.escape_dn_chars()` function. Its purpose is to safely escape characters in a Distinguished Name (DN) according to RFC-4514. When the function encounters a null byte (`\x00`), it performs the wrong replacement: `s.replace('\000', '\\\000')`. This yields a string containing a backslash followed by a literal null byte. When this malformed string is passed to python-ldap's API methods (such as `add_s` or `modify_s`), the underlying library detects the embedded null character and raises a `ValueError` before any network request is sent to the LDAP server. The result is a consistent client-side crash or failure whenever attacker-controlled input is processed, which constitutes a denial of service. The correct behavior is to escape the null byte into its RFC-compliant hex form, `\00`, which lets the client proceed and leaves the server to handle the invalid character.
Platform: python-ldap
Version: < 3.4.4
Vulnerability: Client-Side DoS
Severity: Medium

date: 2024-XX-XX

Prediction: 2024-12-15

What Undercode Say:

Reproduce the faulty escape against the installed python-ldap:

```bash
python3 -c "from ldap.dn import escape_dn_chars; print(repr(escape_dn_chars('bad\x00name')))"
```

Check whether the installed version is in the vulnerable range:

```python
import ldap.dn
print(ldap.__version__)
```

The bug is in Lib/ldap/dn.py. Find usage of the vulnerable function in a project:

```bash
grep -r "escape_dn_chars" /your/project/path/
```

How Exploit:

Attacker supplies a string containing a null byte (\x00) as input to any application logic that uses `ldap.dn.escape_dn_chars()` to construct a DN. For example, a user creation form where the username is incorporated into a DN. The application crashes with a `ValueError: embedded null character` when attempting the LDAP operation, preventing the service from processing further requests.

Protection from this CVE:

Upgrade python-ldap to version 3.4.4 or later. The patch replaces the faulty null byte escape sequence with the correct RFC-4514 hex form, \00.
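To make the defect and its fix concrete, the following is an added standalone example, not python-ldap's own code: a minimal RFC 4514 value escaper with the faulty null-byte handling beside the corrected hex form, a check that tells the two behaviours apart, and a `build_dn` helper (assumed, with a constructed base DN) that applies the same embedded-null check the API methods hit client-side.

```python
# Added example, not python-ldap's own code: a minimal RFC 4514 value escaper
# with the faulty pre-3.4.4 NUL handling beside the corrected hex form, plus the
# embedded-NUL ValueError that is raised before any LDAP request is sent.

# Characters RFC 4514 requires to be backslash-escaped inside an attribute value.
_SPECIAL = ',+"\\<>;='

def _escape(s: str, nul_escape: str) -> str:
    out = []
    last = len(s) - 1
    for i, ch in enumerate(s):
        if ch == '\x00':
            out.append(nul_escape)       # the only place the two variants differ
        elif ch in _SPECIAL:
            out.append('\\' + ch)
        elif ch == ' ' and i in (0, last):
            out.append('\\ ')            # leading/trailing space must be escaped
        elif ch == '#' and i == 0:
            out.append('\\#')            # leading '#' must be escaped
        else:
            out.append(ch)
    return ''.join(out)

def escape_dn_chars_vulnerable(s: str) -> str:
    """Reproduces the bug described above: backslash followed by a literal NUL."""
    return _escape(s, '\\\x00')

def escape_dn_chars_fixed(s: str) -> str:
    """RFC 4514 form: NUL becomes the hex escape \\00, so no raw NUL remains."""
    return _escape(s, '\\00')

def null_escape_is_safe(escape_fn) -> bool:
    """True if escape_fn never leaves a raw NUL in its output (the 3.4.4 behaviour)."""
    return '\x00' not in escape_fn('probe\x00value')

def build_dn(username: str, escape_fn) -> str:
    """Build a user DN the way an application would (constructed base DN), then apply
    the embedded-NUL check that python-ldap's API methods hit at the C boundary."""
    dn = 'cn=%s,ou=people,dc=example,dc=com' % escape_fn(username)
    if '\x00' in dn:
        raise ValueError('embedded null character')  # what add_s/modify_s raise client-side
    return dn

if __name__ == '__main__':
    print(repr(escape_dn_chars_vulnerable('bad\x00name')))  # 'bad\\\x00name'
    print(repr(escape_dn_chars_fixed('bad\x00name')))       # 'bad\\00name'
    print(null_escape_is_safe(escape_dn_chars_vulnerable))  # False
    print(null_escape_is_safe(escape_dn_chars_fixed))       # True
```

`null_escape_is_safe` can be pointed at the real `ldap.dn.escape_dn_chars` to confirm which behaviour an installed release has.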

Impact:

Client-side Denial of Service. Applications using the vulnerable function to build DNs from untrusted input will crash, disrupting workflows like user provisioning, synchronization jobs, or batch imports.


Sources:

Reported By: github.com
Extra Source Hub:
Undercode
