CVE-2020-36227

HIGH

Openldap < 2.4.57 - Infinite Loop

Title source: rule
STIX 2.1

Description

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

References (14)

Core 14
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugs.openldap.org/show_bug.cgi?id=9428
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4845
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210226-0002/
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT212529
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT212531
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT212530
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/May/70
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/May/64
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/May/65

Scores

CVSS v3 7.5
EPSS 0.6034
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-835
Status published
Products (4)
apple/macos 11.1 - 11.4
debian/debian_linux 9.0
debian/debian_linux 10.0
openldap/openldap < 2.4.57
Published Jan 26, 2021
Tracked Since Feb 18, 2026