Lucene search

K

[email protected]CVE-2020-36225

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-36225

2021-01-2618:15:00

CWE-415

[email protected]

web.nvd.nist.gov

190

12

cve-2020-36225

openldap

2.4.57

double free

slapd crash

saslauthzto

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

86.0%

A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

CPENameOperatorVersion
openldap:openldapopenldaplt2.4.57
debian:debian_linuxdebian debian linuxeq9.0
debian:debian_linuxdebian debian linuxeq10.0
apple:macosapple macoslt11.4

References

seclists.org/fulldisclosure/2021/May/64

seclists.org/fulldisclosure/2021/May/65

seclists.org/fulldisclosure/2021/May/70

bugs.openldap.org/show_bug.cgi?id=9412

git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65

git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26

git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439

git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8

git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

lists.debian.org/debian-lts-announce/2021/02/msg00005.html

security.netapp.com/advisory/ntap-20210226-0002/

support.apple.com/kb/HT212529

support.apple.com/kb/HT212530

support.apple.com/kb/HT212531

www.debian.org/security/2021/dsa-4845

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

86.0%

Related for CVE-2020-36225

prion1 redhatcve1 amazon2 veracode1 osv5 cbl_mariner1 debiancve1 ubuntucve1 nessus31 alpinelinux1 openvas27 debian3 photon8 ubuntu1 redos1 mageia1 suse1 rosalinux1 apple3 ibm1 ics1