Vulnerability Details: CVE-2020-36230
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
Vulnerability category: Denial of service
Products affected by CVE-2020-36230
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:bookkeeper:4.12.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-003:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-36230
- Top countries where our scanners detected CVE-2020-36230 (chart)
- Top open port discovered on systems with this issue: 389
- IPs affected by CVE-2020-36230: 1,019
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2020-36230
- EPSS score: 0.56% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~67% (the proportion of vulnerabilities scored at or below this one)
- EPSS Score History (chart)
CVSS scores for CVE-2020-36230
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2020-36230
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2020-36230
- https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html
  [SECURITY] [DLA 2544-1] openldap security update (Mailing List; Third Party Advisory)
- https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57
  OPENLDAP_REL_ENG_2_4_57 · Tags · openldap / OpenLDAP · GitLab (Release Notes; Vendor Advisory)
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
  (Mailing List; Third Party Advisory)
- https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793
  ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN count (8c1d96ee) · Commits · openldap / OpenLDAP · GitLab (Patch; Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20210226-0002/
  February 2021 OpenLDAP Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://support.apple.com/kb/HT212531
  About the security content of Security Update 2021-004 Mojave - Apple Support (Third Party Advisory)
- https://support.apple.com/kb/HT212529
  About the security content of macOS Big Sur 11.4 - Apple Support (Third Party Advisory)
- https://bugs.openldap.org/show_bug.cgi?id=9423
  9423 – Assertion failure when decoding in ldap_X509dn2bv (Issue Tracking; Vendor Advisory)
- http://seclists.org/fulldisclosure/2021/May/65
  Full Disclosure: APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave (Mailing List; Third Party Advisory)
- https://support.apple.com/kb/HT212530
  About the security content of Security Update 2021-003 Catalina - Apple Support (Third Party Advisory)
- http://seclists.org/fulldisclosure/2021/May/64
  Full Disclosure: APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina (Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2021/May/70
  Full Disclosure: APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2021/dsa-4845
  Debian -- Security Information -- DSA-4845-1 openldap (Third Party Advisory)
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
  [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 - Pony Mail (Mailing List; Third Party Advisory)