#VU48515 Reachable Assertion in OpenLDAP


Published: 2020-11-17

Vulnerability identifier: #VU48515

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25710

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenLDAP
Server applications / Directory software, identity management

Vendor: OpenLDAP.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing LDAP requests in slapd within the csnNormalize23() function in schema_init.c. A remote attacker can send a specially crafted packet to the server, trigger an assertion failure and crash the daemon.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.8 - 2.4.55

External links
http://bugs.openldap.org/show_bug.cgi?id=9384
http://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Juniper Networks Session Smart Router
Multiple vulnerabilities in Junos Space
Multiple vulnerabilities in IBM Security Access Manager
Multiple vulnerabilities in IBM QRadar Network Security
Multiple vulnerabilities in Hitachi Energy SDM600
Multiple vulnerabilities in Red Hat OpenShift GitOps 1.3
Multiple vulnerabilities in Red Hat OpenShift GitOps 1.2
CentOS 7 update for openldap
Red Hat Enterprise Linux 7 update for openldap
openEuler 20.03 LTS SP1 update for openldap