18 May
2022
18 May
'22
7:28 a.m.
--On Wednesday, May 18, 2022 4:19 PM +0530 "Venkat Kandhari -X (khvenkat - INFOSYS LIMITED at Cisco)" khvenkat@gmail.com wrote:
Hi Team:
We have a scenario wherein our Product X is using OpenLDAP library as a Client to connect to a LDAP Server.
Therefore, is our Product X impacted by CVE-2022-29155 CVE or not?
The impact is purely on the server side, with the back-sql backend to slapd. Nothing on the client side is impacted.
If the server you are connecting to is an OpenLDAP server that uses the experimental back-sql backend to store data, then that server would be impacted if it does not have the fix applied.
--Quanah