PT-2020-13069 · Openldap+6

Published: 2020-04-28 · Updated: 2024-03-06 · CVE-2020-12243

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: OpenLDAP versions prior to 2.4.50

Description: The issue arises from LDAP search filters with nested boolean expressions, which can cause a denial of service (daemon crash) in the slapd component of OpenLDAP.

Recommendations: For versions prior to 2.4.50, update to version 2.4.50 or later to resolve the issue.

Exploit

Fix

DoS

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3121
ALT-PU-2020-3151
ALT-PU-2020-3190
BIT-OPENLDAP-2020-12243
CESA-2020_4041
CVE-2020-12243
DLA-2199-1
DSA-4666-1
MGASA-2020-0200
OPENSUSE-SU-2020:0647-1
OPENSUSE-SU-2020_0647-1
RHSA-2020:4041
RHSA-2020_4041
SUSE-SU-2020:1193-1
SUSE-SU-2020:1210-1
SUSE-SU-2020:1219-1
SUSE-SU-2020:14358-1
SUSE-SU-2020_1193-1
SUSE-SU-2020_1219-1
SUSE-SU-2020_14358-1
USN-4352-1
USN-4352-2

Affected Products

ALT Linux
CentOS
Linux Mint
OpenLDAP
Red Hat
SUSE
Ubuntu