Lucene search

K
cve[email protected]CVE-2020-12243
HistoryApr 28, 2020 - 7:15 p.m.

CVE-2020-12243

2020-04-2819:15:12
CWE-674
web.nvd.nist.gov
405
cve-2020-12243
openldap
slapd
filter.c
denial of service
daemon crash
ldap
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.124 Low

EPSS

Percentile

95.4%

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Affected configurations

NVD
Node
openldapopenldapRange<2.4.50
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
opensuseleapMatch15.1
Node
canonicalubuntu_linuxMatch12.04
OR
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.10
OR
canonicalubuntu_linuxMatch20.04lts
Node
netappcloud_backupMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
Node
netapph410cMatch-
AND
netapph410c_firmwareMatch-
Node
netapph300sMatch-
AND
netapph300s_firmwareMatch-
Node
netapph500sMatch-
AND
netapph500s_firmwareMatch-
Node
netapph700sMatch-
AND
netapph700s_firmwareMatch-
Node
netapph300eMatch-
AND
netapph300e_firmwareMatch-
Node
netapph500eMatch-
AND
netapph500e_firmwareMatch-
Node
netapph700e_firmwareMatch-
AND
netapph700eMatch-
Node
netapph410s_firmwareMatch-
AND
netapph410sMatch-
Node
broadcombrocade_fabric_operating_systemMatch-
Node
applemac_os_xRange10.13.010.13.6
OR
applemac_os_xRange10.14.010.14.6
OR
applemac_os_xRange10.1510.15.6
OR
applemac_os_xMatch10.13.6security_update_2018-002
OR
applemac_os_xMatch10.13.6security_update_2018-003
OR
applemac_os_xMatch10.13.6security_update_2019-001
OR
applemac_os_xMatch10.13.6security_update_2019-002
OR
applemac_os_xMatch10.13.6security_update_2019-003
OR
applemac_os_xMatch10.13.6security_update_2019-004
OR
applemac_os_xMatch10.13.6security_update_2019-005
OR
applemac_os_xMatch10.13.6security_update_2019-006
OR
applemac_os_xMatch10.13.6security_update_2019-007
OR
applemac_os_xMatch10.13.6security_update_2020-001
OR
applemac_os_xMatch10.13.6security_update_2020-002
OR
applemac_os_xMatch10.13.6security_update_2020-003
OR
applemac_os_xMatch10.13.6supplemental_update
OR
applemac_os_xMatch10.14.6security_update_2019-001
OR
applemac_os_xMatch10.14.6security_update_2019-002
OR
applemac_os_xMatch10.14.6security_update_2019-004
OR
applemac_os_xMatch10.14.6security_update_2019-005
OR
applemac_os_xMatch10.14.6security_update_2019-006
OR
applemac_os_xMatch10.14.6security_update_2019-007
OR
applemac_os_xMatch10.14.6security_update_2020-001
OR
applemac_os_xMatch10.14.6security_update_2020-002
OR
applemac_os_xMatch10.14.6security_update_2020-003
OR
applemac_os_xMatch10.14.6security_update_2020-004
OR
applemac_os_xMatch10.14.6security_update_2020-005
OR
applemac_os_xMatch10.14.6security_update_2020-006
OR
applemac_os_xMatch10.14.6security_update_2020-007
OR
applemac_os_xMatch10.14.6security_update_2021-001
OR
applemac_os_xMatch10.14.6security_update_2021-002
OR
applemac_os_xMatch10.14.6security_update_2021-003
OR
applemac_os_xMatch10.14.6supplemental_update
OR
applemac_os_xMatch10.14.6supplemental_update_2
Node
oraclezfs_storage_appliance_kitMatch8.8
OR
oraclesolarisMatch10
OR
oraclesolarisMatch11
CPENameOperatorVersion
openldap:openldapopenldaplt2.4.50

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.124 Low

EPSS

Percentile

95.4%