Multiple vulnerabilities in OpenLDAP
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2020-36221 CVE-2020-36224 CVE-2020-36230 CVE-2020-36229 CVE-2020-36228 CVE-2020-36227 CVE-2020-36226 CVE-2020-36225 CVE-2020-36223 CVE-2020-36222 |
| CWE-ID | CWE-191 CWE-763 CWE-617 CWE-843 CWE-835 CWE-399 CWE-415 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
OpenLDAP Server applications / Directory software, identity management |
| Vendor | OpenLDAP.org |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Integer underflow
EUVDB-ID: #VU50389
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36221
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c. A remote attacker can send a specially crafted request to the affected application, trigger an integer underflow and crash the slapd.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9404
http://bugs.openldap.org/show_bug.cgi?id=9424
http://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31
http://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Release of invalid pointer or reference
EUVDB-ID: #VU50398
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36224
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to release of an invalid pointer when processing saslAuthzTo requests. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9409
http://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
http://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
http://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
http://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable Assertion
EUVDB-ID: #VU50397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36230
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when parsing the X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9423
http://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Type Confusion
EUVDB-ID: #VU50396
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36229
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in ldap_X509dn2bv when parsing X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9425
http://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer underflow
EUVDB-ID: #VU50395
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36228
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow when processing the certificate list exact assertion. A remote attacker can send a specially crafted request to the slapd, trigger integer underflow and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9427
http://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Infinite loop
EUVDB-ID: #VU50394
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36227
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in slapd with the cancel_extop Cancel operation. A remote attacker can send a specially crafted request and perform a denial of service conditions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9428
http://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU50393
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36226
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application leading to a memch->bv_len miscalculation during saslAuthzTo processing. A remote attacker can send specially crafted request to the slapd and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9413
http://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
http://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
http://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
http://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Double Free
EUVDB-ID: #VU50392
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36225
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the saslAuthzTo processing. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9412
http://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
http://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
http://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
http://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Double Free
EUVDB-ID: #VU50391
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36223
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error during the Values Return Filter control handling. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9408
http://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Reachable Assertion
EUVDB-ID: #VU50390
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36222
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in slapd in the saslAuthzTo validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
External linkshttp://bugs.openldap.org/show_bug.cgi?id=9406
http://bugs.openldap.org/show_bug.cgi?id=9407
http://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0
http://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed
http://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
