{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/ldap3_proto--0.7.1/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["ldap3_proto (\u003c 0.7.1)"],"_cs_severities":["medium"],"_cs_tags":["ldap","denial-of-service","rust"],"_cs_type":"advisory","_cs_vendors":["GitHub"],"content_html":"\u003cp\u003eThe \u003ccode\u003eldap3_proto\u003c/code\u003e package, a Rust library for implementing the LDAP protocol, is susceptible to a stack exhaustion vulnerability. This flaw arises because the library doesn\u0026rsquo;t validate the depth of LDAP queries. An attacker can exploit this by sending a crafted LDAP query with excessive nesting, causing the parser (both PEG and ASN) to consume excessive stack space. This can lead to a denial-of-service (DoS) condition in applications that rely on \u003ccode\u003eldap3_proto\u003c/code\u003e to process LDAP queries. The vulnerability affects versions of \u003ccode\u003eldap3_proto\u003c/code\u003e prior to 0.7.1. This poses a risk to applications using the vulnerable library, potentially disrupting services.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an application using a vulnerable version of \u003ccode\u003eldap3_proto\u003c/code\u003e (\u0026lt; 0.7.1).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious LDAP query with deeply nested filters. The LDAP query exploits the lack of depth validation in the ldap3_proto library.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted LDAP query to the target application. The query is sent over a network connection to the LDAP service.\u003c/li\u003e\n\u003cli\u003eThe application receives the LDAP query and passes it to the \u003ccode\u003eldap3_proto\u003c/code\u003e library for parsing. The application uses the vulnerable library to parse the received LDAP query.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eldap3_proto\u003c/code\u003e library attempts to parse the deeply nested LDAP filter. The parser exhausts the stack space.\u003c/li\u003e\n\u003cli\u003eStack exhaustion occurs, leading to a denial-of-service condition. The vulnerable application crashes or becomes unresponsive due to stack exhaustion.\u003c/li\u003e\n\u003cli\u003eLegitimate users are unable to access the affected service or application. Users experience service disruptions or application unavailability.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to a denial-of-service condition, rendering applications using the \u003ccode\u003eldap3_proto\u003c/code\u003e library unavailable. The impact is limited to availability, as the vulnerability does not directly compromise confidentiality or integrity. The number of affected applications depends on the adoption of the vulnerable \u003ccode\u003eldap3_proto\u003c/code\u003e library. Organizations using applications with this vulnerability may experience service disruptions and potential data loss due to application crashes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003eldap3_proto\u003c/code\u003e package to version 0.7.1 or later to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspiciously Deep LDAP Queries\u0026rdquo; to identify potential exploitation attempts by monitoring network traffic for unusually large LDAP queries.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T23:39:47Z","date_published":"2026-05-06T23:39:47Z","id":"/briefs/2026-05-ldap3-stack-exhaustion/","summary":"The ldap3_proto package is vulnerable to LDAP Filter stack exhaustion due to unbounded query depth, potentially causing a denial of service in applications processing LDAP queries, affecting versions before 0.7.1.","title":"ldap3_proto LDAP Filter Stack Exhaustion Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-ldap3-stack-exhaustion/"}],"language":"en","title":"CraftedSignal Threat Feed — Ldap3_proto (\u003c 0.7.1)","version":"https://jsonfeed.org/version/1.1"}