CVE-2025-61912 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrec…
Medium CVSS: 5.5

CVE-2025-61912

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.
Vendor
Python-ldap
Product
Python-ldap
CWE
CWE-116
Yayın Tarihi
2025-10-10 22:15:37
Güncelleme
2025-12-04 17:57:59
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-116 Python-ldap MEDIUM Python-ldap 2025

Referanslar

https://github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5 https://github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6