7.5
CVE-2020-25710
- EPSS 7%
- Veröffentlicht 28.05.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 05:18:32
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Core Services Version-
Redhat ≫ Jboss Enterprise Application Platform Version5.0.0
Redhat ≫ Jboss Enterprise Web Server Version2.0.0
Redhat ≫ Enterprise Linux Version5.0
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Debian ≫ Debian Linux Version9.0
Fedoraproject ≫ Fedora Version33
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7% | 0.91 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.