--On Wednesday, May 18, 2022 4:19 PM +0530 "Venkat Kandhari -X (khvenkat - INFOSYS LIMITED at Cisco)" khvenkat@gmail.com wrote:
Hi Team:
We have a scenario wherein our Product X is using OpenLDAP library as a Client to connect to a LDAP Server.
Therefore, is our Product X impacted by CVE-2022-29155 CVE or not?
The impact is purely on the server side, with the back-sql backend to slapd. Nothing on the client side is impacted.
If the server you are connecting to is an OpenLDAP server that uses the experimental back-sql backend to store data, then that server would be impacted if it does not have the fix applied.
--Quanah
Venkat Kandhari -X (khvenkat - INFOSYS LIMITED at Cisco) wrote:
Hi Team:
We have a scenario wherein our Product X is using OpenLDAP library as a Client to connect to a LDAP Server.
Therefore, is our Product X impacted by CVE-2022-29155 CVE or not?
Read the CVE description and think. Does your product X use back-sql, the experimental backend that has been unsupported for over a decade?
Regards,
Venkat
Sent from Mail https://go.microsoft.com/fwlink/?LinkId=550986 for Windows
openldap-technical@openldap.org
-
Howard Chu -
Quanah Gibson-Mount -
Venkat Kandhari -X (khvenkat - INFOSYS LIMITED@Cisco)