GHSA-qcxq-75wr-5cm8

Source

https://github.com/advisories/GHSA-qcxq-75wr-5cm8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-qcxq-75wr-5cm8/GHSA-qcxq-75wr-5cm8.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-qcxq-75wr-5cm8

Published

2026-05-06T23:39:47Z

Modified

2026-05-06T23:46:48.977222Z

Severity

8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

ldap3_proto has LDAP Filter stack exhaustion

Details

Impact

LDAP queries are not validated for depth, which can cause the parser (both PEG and ASN) to exhaust the stack. This may cause a denial of service in applications that process queries.

Workarounds

N/A

Resources

Related to GHSA-r5fr-9gmv-jggh

Database specific

{
    "cwe_ids": [
        "CWE-770"
    ],
    "github_reviewed_at": "2026-05-06T23:39:47Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": null
}

References

Affected packages

crates.io / ldap3_proto

Package

Name: ldap3_proto; View open source insights on deps.dev
Purl: pkg:cargo/ldap3_proto

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-qcxq-75wr-5cm8/GHSA-qcxq-75wr-5cm8.json"