Security Advisory

CVE-2025-61912

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-10 22:04:25
Last updated 2025-10-14 14:58:06
Assigner GitHub_M
State PUBLISHED

Description

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form 00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.