7.5

CVE-2020-36230

A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenldapOpenldap Version < 2.4.57
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
ApplemacOS X Version >= 10.14.0 < 10.14.6
ApplemacOS X Version10.14.6 Update-
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-004
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-005
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-006
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-007
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-001
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-002
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-003
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-004
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-005
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-006
ApplemacOS X Version10.14.6 Updatesecurity_update_2020-007
ApplemacOS X Version10.14.6 Updatesecurity_update_2021-001
ApplemacOS X Version10.14.6 Updatesecurity_update_2021-002
ApplemacOS X Version10.14.6 Updatesecurity_update_2021-003
ApplemacOS X Version10.14.6 Updatesupplemental_update
ApplemacOS X Version10.14.6 Updatesupplemental_update_2
ApplemacOS Version >= 11.1 < 11.4
ApacheBookkeeper Version4.12.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.29% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
http://seclists.org/fulldisclosure/2021/May/64
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/May/65
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2021/May/70
Third Party Advisory
Mailing List
https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
Vendor Advisory
Release Notes
https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20210226-0002/
Third Party Advisory
https://support.apple.com/kb/HT212529
Third Party Advisory
https://support.apple.com/kb/HT212530
Third Party Advisory
https://support.apple.com/kb/HT212531
Third Party Advisory
https://www.debian.org/security/2021/dsa-4845
Third Party Advisory
https://bugs.openldap.org/show_bug.cgi?id=9423
Vendor Advisory
Issue Tracking
https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793
Patch
Vendor Advisory