cvedb.io
CVE-2025-61912
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2025-10-10T22:15:37.637 · Last modified 2026-06-17T09:51:03.823

Summary

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.

Affected products

python-ldap — python-ldap

Does this affect you?

Add your gear to cvedb and we'll alert you only when python-ldap ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.