CVE-2020-36228

Name
CVE-2020-36228
Description
An integer underflow in slapd's Certificate List Exact Assertion processing in OpenLDAP before 2.4.57 lets a malformed assertion value crash slapd, resulting in denial of service. Fixed upstream in OpenLDAP 2.4.57 (ITS#9427).
NVD Severity
medium

References

Type URI
Issue Tracking https://bugs.openldap.org/show_bug.cgi?id=9427 (ITS#9427)
Release Notes https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
Patch https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad
Mailing List https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
Third Party Advisory https://www.debian.org/security/2021/dsa-4845 (Debian DSA-4845)
Third Party Advisory https://security.netapp.com/advisory/ntap-20210226-0002/
Third Party Advisory https://support.apple.com/kb/HT212529
Third Party Advisory https://support.apple.com/kb/HT212530
Third Party Advisory https://support.apple.com/kb/HT212531
Mailing List http://seclists.org/fulldisclosure/2021/May/64
Mailing List http://seclists.org/fulldisclosure/2021/May/65
Mailing List http://seclists.org/fulldisclosure/2021/May/70

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:* openldap (no lower bound) < 2.4.57

A package matches when its upstream version is below 2.4.57; the rule is evaluated on the upstream version only, so the Alpine package release suffix (-rN) does not affect the match.

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openldap 3.12-main 2.4.50-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap 3.11-main 2.4.48-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap 3.10-main 2.4.48-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
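The following is an added example, not code from the Alpine security tracker or from OpenLDAP. It evaluates the package versions listed above against the match rule (no lower bound, fixed in 2.4.57) using a simplified apk-style version comparison: dotted numeric upstream version plus an optional -rN package release. It does not implement apk's full ordering (suffixes such as _alpha or _p are rejected rather than ordered), and the edge-main row is a hypothetical fixed build added to exercise the non-vulnerable branch. The practitioner caveat it encodes is that a version-range match alone cannot see whether a branch carries a backported fix, which is why a tracker reports "possibly vulnerable": confirm against the branch's actual build (for example `apk version -t` on the installed package, or the upstream patch in the package sources) before treating a host as exposed or as safe.

```python
"""Evaluate Alpine package versions against a CVE tracker match rule.

Added example, not the tracker's own code. Simplified comparator: handles
'X.Y.Z' upstream versions with an optional '-rN' release, nothing more.
"""
import re
from typing import Dict, List, Optional, Tuple

# Match rule as shown on the tracker page: no lower bound, fixed in 2.4.57.
MATCH_RULE = {"package": "openldap", "min": None, "max_exclusive": "2.4.57"}

# Rows of the "Vulnerable and fixed packages" table, constructed from the page.
# The edge-main row is hypothetical, added to show the non-vulnerable branch.
PACKAGES: List[Tuple[str, str, str]] = [
    ("openldap", "3.12-main", "2.4.50-r2"),
    ("openldap", "3.11-main", "2.4.48-r3"),
    ("openldap", "3.10-main", "2.4.48-r2"),
    ("openldap", "edge-main", "2.4.57-r0"),  # hypothetical fixed build
]


def split_version(v: str) -> Tuple[Tuple[int, ...], int]:
    """'2.4.50-r2' -> ((2, 4, 50), 2). A missing -rN counts as release 0.
    Anything outside the dotted-numeric + -rN shape is rejected, so apk
    suffixes (_alpha, _p, ...) are never silently misordered."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    upstream = tuple(int(x) for x in m.group(1).split("."))
    rel = int(m.group(2) or 0)
    return upstream, rel


def compare_upstream(a: str, b: str) -> int:
    """Compare upstream parts only (the -rN release is ignored, as the
    tracker's match rule does). Returns -1, 0 or 1. Shorter tuples are
    zero-padded so that 2.4 == 2.4.0."""
    ua, _ = split_version(a)
    ub, _ = split_version(b)
    n = max(len(ua), len(ub))
    ua += (0,) * (n - len(ua))
    ub += (0,) * (n - len(ub))
    return (ua > ub) - (ua < ub)


def in_affected_range(version: str, rule: dict = MATCH_RULE) -> bool:
    """True when version lies within [min, max_exclusive) of the rule;
    a None min means no lower bound, as the tracker prints it."""
    lo: Optional[str] = rule["min"]
    if lo is not None and compare_upstream(version, lo) < 0:
        return False
    return compare_upstream(version, rule["max_exclusive"]) < 0


def classify(pkg: str, version: str, rule: dict = MATCH_RULE) -> str:
    """Status the way a tracker would print it: a version match is only
    'possibly vulnerable', because a branch may carry a backported fix
    without bumping the upstream version."""
    if pkg != rule["package"]:
        return "not applicable"
    return "possibly vulnerable" if in_affected_range(version, rule) else "not affected"


def evaluate(packages=PACKAGES, rule: dict = MATCH_RULE) -> Dict[str, str]:
    """Map 'package/branch' to its status for every table row."""
    return {f"{p}/{b}": classify(p, v, rule) for p, b, v in packages}


if __name__ == "__main__":
    for key, status in evaluate().items():
        print(f"{key:22s} {status}")
```

Run it as a script to print one status line per table row; the three branches from the page come out as "possibly vulnerable" and the hypothetical 2.4.57-r0 build as "not affected". To check a live host instead, feed the output of `apk info -v openldap` into `classify` after stripping the package-name prefix.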