Vulnerability Details : CVE-2020-36222
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
Vulnerability category: Denial of service
Threat overview for CVE-2020-36222
- Top countries where our scanners detected CVE-2020-36222: (chart not reproduced)
- Top open port discovered on systems with this issue: 389
- IPs affected by CVE-2020-36222: 905
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2020-36222
- Probability of exploitation activity in the next 30 days: 4.51%
- Percentile (the proportion of vulnerabilities scored at or below this one): ~92%
CVSS scores for CVE-2020-36222
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2020-36222
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-36222
- [SECURITY] [DLA 2544-1] openldap security update. https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html (Mailing List; Third Party Advisory)
- OPENLDAP_REL_ENG_2_4_57 · Tags · openldap / OpenLDAP · GitLab. https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 (Release Notes; Vendor Advisory)
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E (Mailing List; Third Party Advisory)
- ITS#9406, #9407 remove saslauthz asserts (6ed057b5) · Commits · openldap / OpenLDAP · GitLab. https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed (Patch; Vendor Advisory)
- February 2021 OpenLDAP Vulnerabilities in NetApp Products | NetApp Product Security. https://security.netapp.com/advisory/ntap-20210226-0002/ (Third Party Advisory)
- About the security content of Security Update 2021-004 Mojave - Apple Support. https://support.apple.com/kb/HT212531 (Third Party Advisory)
- 9407 – Assertion failure in OpenLDAP: slapd v2.X - saslauthz.c:slap_parse_user:181. https://bugs.openldap.org/show_bug.cgi?id=9407 (Issue Tracking; Vendor Advisory)
- The page you're looking for could not be found (404). https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa (Broken Link)
- About the security content of macOS Big Sur 11.4 - Apple Support. https://support.apple.com/kb/HT212529 (Third Party Advisory)
- Full Disclosure: APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave. http://seclists.org/fulldisclosure/2021/May/65 (Mailing List; Third Party Advisory)
- About the security content of Security Update 2021-003 Catalina - Apple Support. https://support.apple.com/kb/HT212530 (Third Party Advisory)
- Full Disclosure: APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina. http://seclists.org/fulldisclosure/2021/May/64 (Mailing List; Third Party Advisory)
- 9406 – Assertion failure in OpenLDAP: slapd v2.X - saslauthz.c:authzPrettyNormal:814. https://bugs.openldap.org/show_bug.cgi?id=9406 (Issue Tracking; Vendor Advisory)
- Full Disclosure: APPLE-SA-2021-05-25-2 macOS Big Sur 11.4. http://seclists.org/fulldisclosure/2021/May/70 (Mailing List; Third Party Advisory)
- Debian -- Security Information -- DSA-4845-1 openldap. https://www.debian.org/security/2021/dsa-4845 (Third Party Advisory)
- [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 - Pony Mail. https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E (Mailing List; Third Party Advisory)
- ITS#9406 fix debug msg (02dfc32d) · Commits · openldap / OpenLDAP · GitLab. https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0 (Patch; Vendor Advisory)
Products affected by CVE-2020-36222
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-003:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*