--On Wednesday, May 18, 2022 4:19 PM +0530 "Venkat Kandhari -X (khvenkat -
INFOSYS LIMITED at Cisco)" <khvenkat(a)gmail.com> wrote:
We have a scenario wherein our Product X is using OpenLDAP library as a
Client to connect to a LDAP Server.
Therefore, is our Product X impacted by CVE-2022-29155 CVE or not?
The impact is purely on the server side, with the back-sql backend to
slapd. Nothing on the client side is impacted.
If the server you are connecting to is an OpenLDAP server that uses the
experimental back-sql backend to store data, then that server would be
impacted if it does not have the fix applied.