CVE-2020-36224

HIGH

OpenLDAP < 2.4.57 - Denial of Service via SASL AuthzTo Processing

Title source: llm

Description

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

References (17)

https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 (Release Notes, Vendor Advisory; x_refsource_misc)
https://bugs.openldap.org/show_bug.cgi?id=9409 (Issue Tracking, Vendor Advisory; x_refsource_misc)
https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html (Mailing List, Third Party Advisory; mailing-list, x_refsource_mlist)
https://www.debian.org/security/2021/dsa-4845 (Third Party Advisory; vendor-advisory, x_refsource_debian)
https://security.netapp.com/advisory/ntap-20210226-0002/ (Third Party Advisory; x_refsource_confirm)
https://support.apple.com/kb/HT212529 (Third Party Advisory; x_refsource_confirm)
https://support.apple.com/kb/HT212531 (Third Party Advisory; x_refsource_confirm)
https://support.apple.com/kb/HT212530 (Third Party Advisory; x_refsource_confirm)
http://seclists.org/fulldisclosure/2021/May/70 (Mailing List, Third Party Advisory; mailing-list, x_refsource_fulldisc)
http://seclists.org/fulldisclosure/2021/May/64 (Mailing List, Third Party Advisory; mailing-list, x_refsource_fulldisc)
http://seclists.org/fulldisclosure/2021/May/65 (Mailing List, Third Party Advisory; mailing-list, x_refsource_fulldisc)

Scores

CVSS v3 7.5
EPSS 0.0430
EPSS Percentile 89.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-763
Status published
Products (6)
apple/mac_os_x 10.14.6 (17 CPE variants)
apple/mac_os_x 10.14.0 - 10.14.6
apple/macos 11.1 - 11.4
debian/debian_linux 9.0
debian/debian_linux 10.0
openldap/openldap < 2.4.57
Published Jan 26, 2021
Tracked Since Feb 18, 2026