Lucene search

K

[email protected]CVE-2020-36226

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-36226

2021-01-2618:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

199

11

openldap

cve-2020-36226

nvd

security

flaw

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.9%

A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

CPENameOperatorVersion
openldap:openldapopenldaplt2.4.57
debian:debian_linuxdebian debian linuxeq9.0
debian:debian_linuxdebian debian linuxeq10.0
apple:mac_os_xapple mac os xlt10.14.6
apple:macosapple macoslt11.4

References

seclists.org/fulldisclosure/2021/May/64

seclists.org/fulldisclosure/2021/May/65

seclists.org/fulldisclosure/2021/May/70

bugs.openldap.org/show_bug.cgi?id=9413

git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65

git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26

git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439

git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8

git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

lists.debian.org/debian-lts-announce/2021/02/msg00005.html

security.netapp.com/advisory/ntap-20210226-0002/

support.apple.com/kb/HT212529

support.apple.com/kb/HT212530

support.apple.com/kb/HT212531

www.debian.org/security/2021/dsa-4845

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.9%

Related for CVE-2020-36226

osv5 veracode1 redhatcve1 alpinelinux1 cbl_mariner1 prion1 ubuntucve1 debiancve1 nessus31 openvas27 debian3 photon8 ubuntu1 amazon2 redos1 mageia1 suse1 rosalinux1 apple3 ibm1 ics1