CVE-2020-12243
HIGHOpenLDAP < 2.4.50 - Denial of Service via Nested Boolean Search Filter
Title source: llmDescription
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
References (12)
Core 12
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2020/dsa-4666
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4352-2/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4352-1/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html
Exploit, Patch, Vendor Advisory x_refsource_misc
https://bugs.openldap.org/show_bug.cgi?id=9202
Release Notes, Vendor Advisory x_refsource_confirm
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES
Patch, Vendor Advisory x_refsource_confirm
https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200511-0003/
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT211289
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Scores
CVSS v3
7.5
EPSS
0.1076
EPSS Percentile
93.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-674
Status
published
Products (21)
apple/mac_os_x
10.13.6 security_update_2018-002 (13 CPE variants)
apple/mac_os_x
10.14.6 security_update_2019-001 (18 CPE variants)
apple/mac_os_x
10.13.0 - 10.13.6
broadcom/brocade_fabric_operating_system
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.10
canonical/ubuntu_linux
20.04
... and 11 more
Published
Apr 28, 2020
Tracked Since
Feb 18, 2026