Lucene search

K

[email protected]CVE-2020-36221

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-36221

2021-01-2618:15:00

CWE-191

[email protected]

web.nvd.nist.gov

186

10

cve-2020-36221

openldap

integer underflow

slapd crashes

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.057 Low

EPSS

Percentile

93.3%

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

CPENameOperatorVersion
openldap:openldapopenldaplt2.4.57
debian:debian_linuxdebian debian linuxeq9.0
debian:debian_linuxdebian debian linuxeq10.0
apple:mac_os_xapple mac os xlt10.14.6
apple:macosapple macoslt11.4

References

seclists.org/fulldisclosure/2021/May/64

seclists.org/fulldisclosure/2021/May/65

seclists.org/fulldisclosure/2021/May/70

bugs.openldap.org/show_bug.cgi?id=9404

bugs.openldap.org/show_bug.cgi?id=9424

git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31

git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842

git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

lists.debian.org/debian-lts-announce/2021/02/msg00005.html

security.netapp.com/advisory/ntap-20210226-0002/

support.apple.com/kb/HT212529

support.apple.com/kb/HT212530

support.apple.com/kb/HT212531

www.debian.org/security/2021/dsa-4845

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.057 Low

EPSS

Percentile

93.3%

Related for CVE-2020-36221

osv5 ubuntucve1 redhatcve1 alpinelinux1 debiancve1 veracode1 prion1 cbl_mariner1 openvas24 photon8 debian3 nessus28 ubuntu1 redos1 mageia1 amazon2 suse1 rosalinux1 apple3 ibm1 ics1