7.5

CVE-2020-36224

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenldapOpenldap Version < 2.4.57
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
ApplemacOS X Version >= 10.14.0 < 10.14.6
ApplemacOS X Version10.14.6 Update-
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-004
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-005
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-006
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-007
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-001
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-002
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-003
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-004
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-005
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-006
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-007
ApplemacOS X Version10.14.6 Updatesecurity_update_2021-001
ApplemacOS X Version10.14.6 Updatesecurity_update_2021-002
ApplemacOS X Version10.14.6 Updatesecurity_update_2021-003
ApplemacOS X Version10.14.6 Updatesupplemental_update
ApplemacOS X Version10.14.6 Updatesupplemental_update_2
ApplemacOS Version >= 11.1 < 11.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.3% 0.899
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-763 Release of Invalid Pointer or Reference

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
http://seclists.org/fulldisclosure/2021/May/64
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/May/65
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/May/70
Third Party Advisory
Mailing List
https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
Vendor Advisory
Release Notes
https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20210226-0002/
Third Party Advisory
https://support.apple.com/kb/HT212529
Third Party Advisory
https://support.apple.com/kb/HT212530
Third Party Advisory
https://support.apple.com/kb/HT212531
Third Party Advisory
https://www.debian.org/security/2021/dsa-4845
Third Party Advisory
https://bugs.openldap.org/show_bug.cgi?id=9409
Vendor Advisory
Issue Tracking
https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
Patch
Vendor Advisory
https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
Patch
Vendor Advisory
https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
Patch
Vendor Advisory
https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
Patch
Vendor Advisory