CVE-2021-46823: 
Python vulnerability analysis and mitigation

Python-ldap before version 3.4.0 contains a denial of service vulnerability when ldap.schema is used for untrusted schema definitions. The vulnerability stems from a regular expression denial of service (ReDoS) flaw in the LDAP schema parser, which could be exploited by remote authenticated attackers through crafted regex input (GitHub Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The attack requires network access and low complexity, with low privileges required and no user interaction needed. While the scope remains unchanged and there is no impact on confidentiality or integrity, the vulnerability can have a high impact on availability (NVD).

The vulnerability affects the availability of systems using python-ldap's schema parser functionality. When exploited, it can cause a denial of service condition, particularly when processing untrusted schema definitions (GitHub Advisory).

The vulnerability has been fixed in python-ldap version 3.4.0. As a workaround, users can check input for excessive amounts of backslashes in schemas, as more than a dozen backslashes per line are considered atypical. The patch includes a workaround that refuses schema definitions with an excessive amount of backslashes to prevent ReDoS attacks (GitHub Advisory).