7.5

CVE-2021-27212

Exploit
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenldapOpenldap Version <= 2.4.57
OpenldapOpenldap Version2.5.0 Updatealpha
OpenldapOpenldap Version2.5.1 Updatealpha
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 64.15% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://bugs.openldap.org/show_bug.cgi?id=9454
Vendor Advisory
Exploit
Issue Tracking
https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0
Patch
Vendor Advisory
https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00035.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20210319-0005/
Third Party Advisory
https://www.debian.org/security/2021/dsa-4860
Third Party Advisory