CVE-2020-12243

Exploit

EPSS 6.57%
Veröffentlicht 28.04.2020 19:15:12
Zuletzt bearbeitet 21.11.2024 04:59:22
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openldap ≫ Openldap Version < 2.4.50

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Opensuse ≫ Leap Version15.1

Canonical ≫ Ubuntu Linux Version12.04

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.10

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Netapp ≫ Cloud Backup Version-

Netapp ≫ Steelstore Cloud Integrated Storage Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Broadcom ≫ Brocade Fabric Operating System Version-

Apple ≫ macOS X Version >= 10.13.0 < 10.13.6

Apple ≫ macOS X Version >= 10.14.0 < 10.14.6

Apple ≫ macOS X Version >= 10.15 < 10.15.6

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2018-002

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2018-003

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-001

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-002

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-003

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-004

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-005

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-006

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-007

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2020-002

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2020-003

Apple ≫ macOS X Version10.13.6 Updatesupplemental_update

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-001

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-002

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-004

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-005

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-006

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-007

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-002

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-003

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-004

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-005

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-006

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-007

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2021-003

Apple ≫ macOS X Version10.14.6 Updatesupplemental_update

Apple ≫ macOS X Version10.14.6 Updatesupplemental_update_2

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Oracle ≫ Solaris Version10

Oracle ≫ Solaris Version11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.57%	0.908

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://www.oracle.com/security-alerts/cpuapr2022.html

Third Party Advisory

https://support.apple.com/kb/HT211289

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Patch

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html

Third Party Advisory

Mailing List

https://bugs.openldap.org/show_bug.cgi?id=9202

Patch

Vendor Advisory

Exploit

https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES

Vendor Advisory

Release Notes

https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440

Patch

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20200511-0003/

Third Party Advisory

https://usn.ubuntu.com/4352-1/

Third Party Advisory

https://usn.ubuntu.com/4352-2/

Third Party Advisory

https://www.debian.org/security/2020/dsa-4666

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12243

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12243

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12243

EUVD