CVE-2020-36222

HIGH

OpenLDAP < 2.4.57 - Denial of Service via SASL AuthzTo Validation

Title source: llm

Description

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

References (17)

Core References
- https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 (Release Notes, Vendor Advisory; x_refsource_misc)
- https://bugs.openldap.org/show_bug.cgi?id=9406 (Issue Tracking, Vendor Advisory; x_refsource_misc)
- https://bugs.openldap.org/show_bug.cgi?id=9407 (Issue Tracking, Vendor Advisory; x_refsource_misc)
- https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html (Mailing List, Third Party Advisory; mailing-list, x_refsource_mlist)
- https://www.debian.org/security/2021/dsa-4845 (Third Party Advisory; vendor-advisory, x_refsource_debian)
- https://security.netapp.com/advisory/ntap-20210226-0002/ (Third Party Advisory; x_refsource_confirm)
- https://support.apple.com/kb/HT212529 (Third Party Advisory; x_refsource_confirm)
- https://support.apple.com/kb/HT212531 (Third Party Advisory; x_refsource_confirm)
- https://support.apple.com/kb/HT212530 (Third Party Advisory; x_refsource_confirm)
- http://seclists.org/fulldisclosure/2021/May/70 (Mailing List, Third Party Advisory; mailing-list, x_refsource_fulldisc)
- http://seclists.org/fulldisclosure/2021/May/64 (Mailing List, Third Party Advisory; mailing-list, x_refsource_fulldisc)
- http://seclists.org/fulldisclosure/2021/May/65 (Mailing List, Third Party Advisory; mailing-list, x_refsource_fulldisc)

Scores

CVSS v3 7.5
EPSS 0.7774
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-617
Status published
Products (6)
apple/mac_os_x 10.14.6 (17 CPE variants)
apple/mac_os_x 10.14.0 - 10.14.6
apple/macos 11.1 - 11.4
debian/debian_linux 9.0
debian/debian_linux 10.0
openldap/openldap < 2.4.57
Published Jan 26, 2021
Tracked Since Feb 18, 2026