{"schema_version":"1.7.2","id":"OESA-2026-1427","modified":"2026-02-28T12:44:08Z","published":"2026-02-28T12:44:08Z","upstream":["CVE-2026-22185"],"summary":"openldap security update","details":"OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.\r\n\r\nSecurity Fix(es):\n\nOpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.(CVE-2026-22185)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"openldap","purl":"pkg:rpm/openEuler/openldap&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.5-7.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["openldap-2.6.5-7.oe2403sp1.aarch64.rpm","openldap-clients-2.6.5-7.oe2403sp1.aarch64.rpm","openldap-debuginfo-2.6.5-7.oe2403sp1.aarch64.rpm","openldap-debugsource-2.6.5-7.oe2403sp1.aarch64.rpm","openldap-devel-2.6.5-7.oe2403sp1.aarch64.rpm","openldap-servers-2.6.5-7.oe2403sp1.aarch64.rpm"],"noarch":["openldap-help-2.6.5-7.oe2403sp1.noarch.rpm"],"src":["openldap-2.6.5-7.oe2403sp1.src.rpm"],"x86_64":["openldap-2.6.5-7.oe2403sp1.x86_64.rpm","openldap-clients-2.6.5-7.oe2403sp1.x86_64.rpm","openldap-debuginfo-2.6.5-7.oe2403sp1.x86_64.rpm","openldap-debugsource-2.6.5-7.oe2403sp1.x86_64.rpm","openldap-devel-2.6.5-7.oe2403sp1.x86_64.rpm","openldap-servers-2.6.5-7.oe2403sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1427"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22185"}],"database_specific":{"severity":"Medium"}}