CVE-2020-36225

Name
CVE-2020-36225
Description
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26
Patch https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439
Patch https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65
Patch https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8
Release Notes https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
Issue Tracking https://bugs.openldap.org/show_bug.cgi?id=9412
Mailing List https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
Third Party Advisory https://www.debian.org/security/2021/dsa-4845
Third Party Advisory https://security.netapp.com/advisory/ntap-20210226-0002/
Third Party Advisory https://support.apple.com/kb/HT212529
FULLDISC http://seclists.org/fulldisclosure/2021/May/70
FULLDISC http://seclists.org/fulldisclosure/2021/May/64
FULLDISC http://seclists.org/fulldisclosure/2021/May/65
CONFIRM https://support.apple.com/kb/HT212530
CONFIRM https://support.apple.com/kb/HT212531

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:* openldap >= None < 2.4.57

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openldap 3.12-main 2.4.50-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap 3.11-main 2.4.48-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap 3.10-main 2.4.48-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable