CVE-2020-25710

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OpenLDAP versions prior to 2.4.56

Description A flaw in OpenLDAP allows an attacker to force a failed assertion in the csnNormalize23() function by sending a malicious packet. This can lead to a denial of service, affecting system availability. The vulnerability can be exploited remotely.

Recommendations For OpenLDAP versions prior to 2.4.56, update to version 2.4.56 or later to resolve the issue. As a temporary workaround, consider restricting access to the csnNormalize23() function until a patch is available.

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALT-PU-2020-3560

ALT-PU-2021-1352

ALT-PU-2021-1354

BDU:2022-00230

BIT-OPENLDAP-2020-25710

CESA-2022_0621

CVE-2020-25710

DLA-2481-1

DSA-4792-1

MGASA-2021-0046

OESA-2021-1244

OPENSUSE-SU-2021:0102-1

OPENSUSE-SU-2021:0107-1

OPENSUSE-SU-2021_0102-1

OPENSUSE-SU-2021_0107-1

RHSA-2022:0621

RHSA-2022_0621

SUSE-SU-2021:0128-1

SUSE-SU-2021:0129-1

SUSE-SU-2021:0142-1

SUSE-SU-2021:14597-1

SUSE-SU-2021_14597-1

USN-4634-1

USN-4634-2

Affected Products

Alt Linux

Astra Linux

Centos

Linuxmint

Openldap

Red Hat

Red Os

Suse

Ubuntu

CVE-2020-25710

Weakness Enumeration

Related Identifiers

Affected Products

References · 61