--On Wednesday, May 18, 2022 4:19 PM +0530 "Venkat Kandhari -X (khvenkat - INFOSYS LIMITED at Cisco)" <[email protected]> wrote:
Hi Team: We have a scenario wherein our Product X is using OpenLDAP library as a Client to connect to a LDAP Server. Therefore, is our Product X impacted by CVE-2022-29155 CVE or not?
The impact is purely on the server side, with the back-sql backend to slapd. Nothing on the client side is impacted.
If the server you are connecting to is an OpenLDAP server that uses the experimental back-sql backend to store data, then that server would be impacted if it does not have the fix applied.
--Quanah
