Summary Denial of Service due to application crash
Release Date 21st December 2022
Product M-Vault
Version(s) 16.0v0 to 17.0v23
CVE ID CVE-2022-47581

Summary of vulnerability

This advisory discloses a critical vulnerability introduced in version R16.0v0 of M-Vault. The following versions are affected by this vulnerability:

  • M-Vault R16.0v0 to R17.0v23.
This is a bug where an LDAPv1 bind request leads to a server crash, thereby leading to denial of service.


Isode rates the severity level of this vulnerability as high, according to the CVSS system (details can be found at


This vulnerability has been fixed in M-Vault R17.0v24 and affected services are advised to immediately upgrade to this version. Current later versions (such as the subsequent major release R18.0) are not affected by this vulnerability.


This vulnerability was discovered, with thanks from Isode, by Jerome Nokin of the NATO Cyber Security Centre (NCSC).