Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

DEBIAN-CVE-2022-29155 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceDEBIAN-CVE-2022-29155

DEBIAN-CVE-2022-29155

CRITICAL9.8

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur durin

Published May 4, 2022

Modified 5 months ago

Fix available

Details

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.

Affected Packages

openldap

Debian 11

Fixed in:

2.4.57+dfsg-3+deb11u1

openldap

Debian 12Debian 13Debian 14

Fixed in:

2.5.12+dfsg-1

References

https://security-tracker.debian.org/tracker/CVE-2022-29155

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Upstream

Ecosystems

Debian 11 Debian 12 Debian 13 Debian 14

Timeline

PublishedMay 4, 2022

ModifiedNov 20, 2025