CVE-2020-12243

Name: CVE-2020-12243
Description: In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
NVD Severity: medium

References

Type                  URI
Release Notes         https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES
Exploit               https://bugs.openldap.org/show_bug.cgi?id=9202
Patch                 https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440
Third Party Advisory  https://www.debian.org/security/2020/dsa-4666
Mailing List          https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html
UBUNTU                https://usn.ubuntu.com/4352-2/
CONFIRM               https://security.netapp.com/advisory/ntap-20200511-0003/
SUSE                  http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html
UBUNTU                https://usn.ubuntu.com/4352-1/
CONFIRM               https://support.apple.com/kb/HT211289
MISC                  https://www.oracle.com/security-alerts/cpuoct2020.html

Match rules

CPE URI                                      Source package  Min version  Max version
cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*  openldap        >= None      < 2.4.50

Vulnerable and fixed packages

Source package  Branch     Version    Maintainer                             Status
openldap        3.11-main  2.4.48-r3  Natanael Copa <ncopa@alpinelinux.org>  fixed
openldap        3.10-main  2.4.48-r2  Natanael Copa <ncopa@alpinelinux.org>  fixed