Vulnerability Details : CVE-2021-27212
Potential exploit
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
Vulnerability category: Denial of service
Products affected by CVE-2021-27212
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.5.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.5.1:alpha:*:*:*:*:*:*
Threat overview for CVE-2021-27212
Top open port discovered on systems with this issue: 389
IPs affected by CVE-2021-27212: 1,019
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2021-27212
- 16.83%: probability of exploitation activity in the next 30 days
- ~94%: percentile, the proportion of vulnerabilities that are scored at or below this level
CVSS scores for CVE-2021-27212
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-27212
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-27212
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
  [Mailing List; Third Party Advisory]
- https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30
  ITS#9454 fix issuerAndThisUpdateCheck (9badb734) · Commits · openldap / OpenLDAP · GitLab [Patch; Vendor Advisory]
- https://bugs.openldap.org/show_bug.cgi?id=9454
  9454 – A malicious packet can force OpenLDAP to fail an assertion and crash (schema_init.c:3808: checkTime) [Exploit; Issue Tracking; Vendor Advisory]
- https://security.netapp.com/advisory/ntap-20210319-0005/
  CVE-2021-27212 OpenLDAP Vulnerability in NetApp Products | NetApp Product Security [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2021/02/msg00035.html
  [SECURITY] [DLA 2574-1] openldap security update [Mailing List; Third Party Advisory]
- https://www.debian.org/security/2021/dsa-4860
  Debian -- Security Information -- DSA-4860-1 openldap [Third Party Advisory]
- https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0
  ITS#9454 fix issuerAndThisUpdateCheck (3539fc33) · Commits · openldap / OpenLDAP · GitLab [Patch; Vendor Advisory]
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
  [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 - Pony Mail [Mailing List; Third Party Advisory]