PT-2020-5834 · Openldap+5

Published: 2020-07-12 · Updated: 2024-03-06 · CVE-2020-25692

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: OpenLDAP versions prior to 2.4.55
Description: A NULL pointer dereference occurs in the OpenLDAP server while it processes a request to rename RDNs. An unauthenticated attacker can exploit this remotely to crash the slapd process by sending a specially crafted request, resulting in a Denial of Service.
Recommendations: Update versions prior to 2.4.55 to version 2.4.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the RDN renaming functionality until a patch is applied.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3560
ALT-PU-2021-1352
ALT-PU-2021-1354
BDU:2021-01803
BIT-OPENLDAP-2020-25692
CVE-2020-25692
DLA-2425-1
DSA-4782-1
MGASA-2020-0407
OPENSUSE-SU-2020:1918-1
OPENSUSE-SU-2020:1920-1
OPENSUSE-SU-2020_1918-1
OPENSUSE-SU-2020_1920-1
RHSA-2021:1389
RHSA-2021_1389
SUSE-SU-2020:14541-1
SUSE-SU-2020:3313-1
SUSE-SU-2020:3314-1
SUSE-SU-2020:3315-1
SUSE-SU-2020_14541-1
SUSE-SU-2020_3313-1
SUSE-SU-2020_3314-1
SUSE-SU-2020_3315-1
USN-4622-1
USN-4622-2

Affected Products

Alt Linux
Linuxmint
Openldap
Red Hat
Suse
Ubuntu