CVE-2020-25710

Name: CVE-2020-25710

Description: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

NVD Severity: medium

References

| Type | URI |
|---|---|
| MLIST | https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html |
| MISC | https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c |
| DEBIAN | https://www.debian.org/security/2020/dsa-4792 |
| MISC | https://bugzilla.redhat.com/show_bug.cgi?id=1899678 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:* | openldap | >= None | < 2.4.56 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| openldap | 3.11-main | 2.4.48-r3 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| openldap | 3.10-main | 2.4.48-r2 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| openldap | 3.12-main | 2.4.50-r2 | Natanael Copa <ncopa@alpinelinux.org> | fixed |