Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Openldap Security Vulnerabilities - 2020

cve
cve

CVE-2014-8182

An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.

7.5CVSS

7.2AI Score

0.281EPSS

2020-01-02 11:15 PM
122
cve
cve

CVE-2020-12243

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

7.5CVSS

7.4AI Score

0.092EPSS

2020-04-28 07:15 PM
414
cve
cve

CVE-2020-15719

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.

4.2CVSS

4.2AI Score

0.002EPSS

2020-07-14 02:15 PM
396
6
cve
cve

CVE-2020-25692

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

7.5CVSS

7.5AI Score

0.001EPSS

2020-12-08 01:15 AM
262
6