7.5

CVE-2020-36222

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenldapOpenldap Version < 2.4.57
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
ApplemacOS X Version >= 10.14.0 < 10.14.6
ApplemacOS X Version10.14.6 Update-
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-004
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-005
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-006
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-007
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-001
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-002
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-003
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-004
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-005
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-006
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-007
ApplemacOS X Version10.14.6 Updatesecurity_update_2021-001
ApplemacOS X Version10.14.6 Updatesecurity_update_2021-002
ApplemacOS X Version10.14.6 Updatesecurity_update_2021-003
ApplemacOS X Version10.14.6 Updatesupplemental_update
ApplemacOS X Version10.14.6 Updatesupplemental_update_2
ApplemacOS Version >= 11.1 < 11.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 77.74% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
http://seclists.org/fulldisclosure/2021/May/64
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/May/65
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/May/70
Third Party Advisory
Mailing List
https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
Vendor Advisory
Release Notes
https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20210226-0002/
Third Party Advisory
https://support.apple.com/kb/HT212529
Third Party Advisory
https://support.apple.com/kb/HT212530
Third Party Advisory
https://support.apple.com/kb/HT212531
Third Party Advisory
https://www.debian.org/security/2021/dsa-4845
Third Party Advisory
https://bugs.openldap.org/show_bug.cgi?id=9406
Vendor Advisory
Issue Tracking
https://bugs.openldap.org/show_bug.cgi?id=9407
Vendor Advisory
Issue Tracking
https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0
Patch
Vendor Advisory
https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed
Patch
Vendor Advisory
https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa
Broken Link