x/vulndb: potential Go vuln in github.com/go-ldap/ldap: GHSA-x27w-qxhg-343v

[GoVulnBot]

In GitHub Security Advisory GHSA-x27w-qxhg-343v, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/go-ldap/ldap	2.5.0	< 2.5.0

Cross references:

• CVE-2017-14623 appears in issue x/vulndb: potential Go vuln in github.com/go-ldap/ldap: GHSA-x27w-qxhg-343v #887 NOT_IMPORTABLE
• GHSA-x27w-qxhg-343v appears in issue x/vulndb: potential Go vuln in github.com/go-ldap/ldap: GHSA-x27w-qxhg-343v #887 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - fixed: 2.5.0
    packages:
      - package: github.com/go-ldap/ldap
description: 'In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker
    may be able to login with an empty password. This issue affects an application
    using this package if these conditions are met: (1) it relies only on the return
    error of the Bind function call to determine whether a user is authorized (i.e.,
    a nil return value is interpreted as successful authorization) and (2) it is used
    with an LDAP server allowing unauthenticated bind.'
cves:
  - CVE-2017-14623
ghsas:
  - GHSA-x27w-qxhg-343v

[tatianab]

Duplicate of #887