CVE-2020-36227

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions OpenLDAP versions prior to 2.4.57

Description A flaw was discovered in OpenLDAP leading to an infinite loop in slapd with the cancel extop Cancel operation, resulting in denial of service. This issue can be exploited by a remote attacker by sending a specially crafted request, allowing them to execute a denial of service.

Recommendations For OpenLDAP versions prior to 2.4.57, update to version 2.4.57 or later to resolve the issue. As a temporary workaround, consider disabling the cancel extop operation in the slapd configuration until a patch is applied.

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALT-PU-2021-1333

ALT-PU-2021-1352

ALT-PU-2021-1354

BDU:2021-06403

BIT-OPENLDAP-2020-36227

CVE-2020-36227

DLA-2544-1

DSA-4845-1

MGASA-2021-0105

OESA-2021-1062

OPENSUSE-SU-2021:0408-1

OPENSUSE-SU-2021_0408-1

ROSA-SA-2025-2550

SUSE-SU-2021:0692-1

SUSE-SU-2021:0693-1

SUSE-SU-2021:0723-1

SUSE-SU-2021:14700-1

SUSE-SU-2021_14700-1

USN-4724-1

USN-7698-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Apple Macos

Openldap

Red Os

Suse

Ubuntu

CVE-2020-36227

Weakness Enumeration

Related Identifiers

Affected Products

References · 108