CVE-2020-36222

Name
CVE-2020-36222
Description
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
NVD Severity
medium
Forges
GitHub (code, issues), Aports (code, issues)

References

Type                   URI
Issue Tracking         https://bugs.openldap.org/show_bug.cgi?id=9407
Patch                  https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed
Issue Tracking         https://bugs.openldap.org/show_bug.cgi?id=9406
Release Notes          https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
Patch                  https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0
Broken Link            https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa
Mailing List           https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
Third Party Advisory   https://www.debian.org/security/2021/dsa-4845
Third Party Advisory   https://security.netapp.com/advisory/ntap-20210226-0002/
Third Party Advisory   https://support.apple.com/kb/HT212529
Third Party Advisory   https://support.apple.com/kb/HT212531
FULLDISC               http://seclists.org/fulldisclosure/2021/May/70
FULLDISC               http://seclists.org/fulldisclosure/2021/May/64
FULLDISC               http://seclists.org/fulldisclosure/2021/May/65
CONFIRM                https://support.apple.com/kb/HT212530

Match rules

CPE URI                                       Source package   Min version   Max version
cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*   openldap         >= None       < 2.4.57

Vulnerable and fixed packages

Source package   Branch      Version     Maintainer                              Status
openldap         3.12-main   2.4.50-r2   Natanael Copa <ncopa@alpinelinux.org>   possibly vulnerable
openldap         3.11-main   2.4.48-r3   Natanael Copa <ncopa@alpinelinux.org>   possibly vulnerable
openldap         3.10-main   2.4.48-r2   Natanael Copa <ncopa@alpinelinux.org>   possibly vulnerable