{"id":"USN-5424-2","summary":"openldap vulnerability","details":"USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n\nOriginal advisory details:\n\n It was discovered that OpenLDAP incorrectly handled certain SQL statements\n within LDAP queries in the experimental back-sql backend. A remote attacker\n could possibly use this issue to perform an SQL injection attack and alter\n the database.\n","modified":"2026-05-20T16:05:40.423784610Z","published":"2022-05-19T14:39:17Z","related":["UBUNTU-CVE-2022-29155"],"upstream":["CVE-2022-29155","UBUNTU-CVE-2022-29155"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5424-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29155"}],"affected":[{"package":{"name":"openldap","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/openldap?arch=source&distro=trusty%2Fesm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.31-1+nmu2ubuntu8.5+esm5"}]}],"versions":["2.4.31-1+nmu2ubuntu3","2.4.31-1+nmu2ubuntu4","2.4.31-1+nmu2ubuntu5","2.4.31-1+nmu2ubuntu8","2.4.31-1+nmu2ubuntu8.1","2.4.31-1+nmu2ubuntu8.2","2.4.31-1+nmu2ubuntu8.3","2.4.31-1+nmu2ubuntu8.4","2.4.31-1+nmu2ubuntu8.5","2.4.31-1+nmu2ubuntu8.5+esm1","2.4.31-1+nmu2ubuntu8.5+esm2","2.4.31-1+nmu2ubuntu8.5+esm3","2.4.31-1+nmu2ubuntu8.5+esm4"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"ldap-utils","binary_version":"2.4.31-1+nmu2ubuntu8.5+esm5"},{"binary_name":"libldap-2.4-2","binary_version":"2.4.31-1+nmu2ubuntu8.5+esm5"},{"binary_name":"slapd","binary_version":"2.4.31-1+nmu2ubuntu8.5+esm5"},{"binary_name":"slapd-smbk5pwd","binary_version":"2.4.31-1+nmu2ubuntu8.5+esm5"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-29155"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5424-2.json"}},{"package":{"name":"openldap","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/openldap?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.42+dfsg-2ubuntu3.13+esm1"}]}],"versions":["2.4.41+dfsg-1ubuntu2","2.4.41+dfsg-1ubuntu3","2.4.42+dfsg-2ubuntu1","2.4.42+dfsg-2ubuntu3","2.4.42+dfsg-2ubuntu3.1","2.4.42+dfsg-2ubuntu3.2","2.4.42+dfsg-2ubuntu3.3","2.4.42+dfsg-2ubuntu3.4","2.4.42+dfsg-2ubuntu3.5","2.4.42+dfsg-2ubuntu3.6","2.4.42+dfsg-2ubuntu3.7","2.4.42+dfsg-2ubuntu3.8","2.4.42+dfsg-2ubuntu3.9","2.4.42+dfsg-2ubuntu3.10","2.4.42+dfsg-2ubuntu3.11","2.4.42+dfsg-2ubuntu3.12","2.4.42+dfsg-2ubuntu3.13"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"ldap-utils","binary_version":"2.4.42+dfsg-2ubuntu3.13+esm1"},{"binary_name":"libldap-2.4-2","binary_version":"2.4.42+dfsg-2ubuntu3.13+esm1"},{"binary_name":"slapd-smbk5pwd","binary_version":"2.4.42+dfsg-2ubuntu3.13+esm1"},{"binary_name":"slapd","binary_version":"2.4.42+dfsg-2ubuntu3.13+esm1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5424-2.json"}}],"schema_version":"1.7.5"}