Denial of service in OpenLDAP
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-27212 |
| CWE-ID | CWE-617 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
OpenLDAP Server applications / Directory software, identity management |
| Vendor | OpenLDAP.org |
Security Bulletin
This security bulletin contains information about 1 vulnerabilities.
Updated: 23.03.2021
Changed bulletin status to patched.
1) Reachable Assertion
EUVDB-ID: #VU50779
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-27212
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when processing LDAP packets within the issuerAndThisUpdateCheck() function in schema_init.c. A remote attacker can send a specially crafted packet with a short timestamp to the slapd and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsOpenLDAP: 2.4 - 2.4.57
Fixed software versionsCPE2.3 External links
http://bugs.openldap.org/show_bug.cgi?id=9454
http://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0
http://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
