CVE-2020-36229

HIGH

Openldap < 2.4.57 - Type Confusion

Title source: rule
STIX 2.1

Description

A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

References (14)

Core 14
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugs.openldap.org/show_bug.cgi?id=9425
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4845
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210226-0002/
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT212529
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT212531
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT212530
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/May/70
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/May/64
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/May/65

Scores

CVSS v3 7.5
EPSS 0.0222
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-843
Status published
Products (6)
apple/mac_os_x 10.14.6 (17 CPE variants)
apple/mac_os_x 10.14.0 - 10.14.6
apple/macos 11.1 - 11.4
debian/debian_linux 9.0
debian/debian_linux 10.0
openldap/openldap < 2.4.57
Published Jan 26, 2021
Tracked Since Feb 18, 2026