Multiple vulnerabilities in OpenLDAP
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2020-36221 CVE-2020-36224 CVE-2020-36230 CVE-2020-36229 CVE-2020-36228 CVE-2020-36227 CVE-2020-36226 CVE-2020-36225 CVE-2020-36223 CVE-2020-36222 |
| CWE-ID | CWE-191 CWE-763 CWE-617 CWE-843 CWE-835 CWE-399 CWE-415 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
OpenLDAP Server applications / Directory software, identity management |
| Vendor | OpenLDAP.org |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Integer underflow
EUVDB-ID: #VU50389
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36221
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c. A remote attacker can send a specially crafted request to the affected application, trigger an integer underflow and crash the slapd.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9404
http://bugs.openldap.org/show_bug.cgi?id=9424
http://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31
http://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
2) Release of invalid pointer or reference
EUVDB-ID: #VU50398
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36224
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to release of an invalid pointer when processing saslAuthzTo requests. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9409
http://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
http://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
http://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
http://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
3) Reachable Assertion
EUVDB-ID: #VU50397
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36230
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when parsing the X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9423
http://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
4) Type Confusion
EUVDB-ID: #VU50396
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36229
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in ldap_X509dn2bv when parsing X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9425
http://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
5) Integer underflow
EUVDB-ID: #VU50395
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36228
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow when processing the certificate list exact assertion. A remote attacker can send a specially crafted request to the slapd, trigger integer underflow and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9427
http://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
6) Infinite loop
EUVDB-ID: #VU50394
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36227
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in slapd with the cancel_extop Cancel operation. A remote attacker can send a specially crafted request and perform a denial of service conditions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9428
http://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
7) Resource management error
EUVDB-ID: #VU50393
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36226
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application leading to a memch->bv_len miscalculation during saslAuthzTo processing. A remote attacker can send specially crafted request to the slapd and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9413
http://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
http://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
http://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
http://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
8) Double Free
EUVDB-ID: #VU50392
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36225
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the saslAuthzTo processing. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9412
http://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
http://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
http://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
http://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
9) Double Free
EUVDB-ID: #VU50391
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36223
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error during the Values Return Filter control handling. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9408
http://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
10) Reachable Assertion
EUVDB-ID: #VU50390
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36222
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in slapd in the saslAuthzTo validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4.3 - 2.4.56
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9406
http://bugs.openldap.org/show_bug.cgi?id=9407
http://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0
http://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed
http://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa
http://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
http://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
http://www.debian.org/security/2021/dsa-4845
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
