Lucene search

K

[email protected]CVE-2020-36224

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-36224

2021-01-2618:15:00

CWE-763

[email protected]

web.nvd.nist.gov

200

13

cve-2020-36224

openldap

saslauthzto

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

CPENameOperatorVersion
openldap:openldapopenldaplt2.4.57
debian:debian_linuxdebian debian linuxeq9.0
debian:debian_linuxdebian debian linuxeq10.0
apple:mac_os_xapple mac os xlt10.14.6
apple:macosapple macoslt11.4

References

seclists.org/fulldisclosure/2021/May/64

seclists.org/fulldisclosure/2021/May/65

seclists.org/fulldisclosure/2021/May/70

bugs.openldap.org/show_bug.cgi?id=9409

git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65

git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26

git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439

git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8

git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

lists.debian.org/debian-lts-announce/2021/02/msg00005.html

security.netapp.com/advisory/ntap-20210226-0002/

support.apple.com/kb/HT212529

support.apple.com/kb/HT212530

support.apple.com/kb/HT212531

www.debian.org/security/2021/dsa-4845

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

Related for CVE-2020-36224

alpinelinux1 cbl_mariner1 redhatcve1 debiancve1 osv5 ubuntucve1 prion1 veracode1 openvas27 nessus31 debian3 photon8 ubuntu1 suse1 amazon2 redos1 mageia1 rosalinux1 apple3 ibm1 ics1