CVE-2020-12243
Summary
| CVE | CVE-2020-12243 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-04-28 19:15:00 UTC |
| Updated | 2022-04-29 13:24:00 UTC |
| Description | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). |
Risk And Classification
Problem Types: CWE-674
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2018-002 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2018-003 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-001 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-002 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-003 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-004 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-005 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-006 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-007 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2020-001 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2020-002 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | security_update_2020-003 | All | All |
| Operating System | Apple | Mac Os X | 10.13.6 | supplemental_update | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-001 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-002 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-004 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-005 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-006 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2019-007 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-001 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-002 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-003 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-004 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-005 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-006 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2020-007 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2021-001 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2021-002 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | security_update_2021-003 | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | supplemental_update | All | All |
| Operating System | Apple | Mac Os X | 10.14.6 | supplemental_update_2 | All | All |
| Operating System | Broadcom | Brocade Fabric Operating System | - | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 19.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Hardware | Netapp | H300e | - | All | All | All |
| Operating System | Netapp | H300e Firmware | - | All | All | All |
| Hardware | Netapp | H300s | - | All | All | All |
| Operating System | Netapp | H300s Firmware | - | All | All | All |
| Hardware | Netapp | H410c | - | All | All | All |
| Operating System | Netapp | H410c Firmware | - | All | All | All |
| Hardware | Netapp | H410s | - | All | All | All |
| Operating System | Netapp | H410s Firmware | - | All | All | All |
| Hardware | Netapp | H500e | - | All | All | All |
| Operating System | Netapp | H500e Firmware | - | All | All | All |
| Hardware | Netapp | H500s | - | All | All | All |
| Operating System | Netapp | H500s Firmware | - | All | All | All |
| Hardware | Netapp | H700e | - | All | All | All |
| Operating System | Netapp | H700e Firmware | - | All | All | All |
| Hardware | Netapp | H700s | - | All | All | All |
| Operating System | Netapp | H700s Firmware | - | All | All | All |
| Application | Netapp | Steelstore Cloud Integrated Storage | - | All | All | All |
| Application | Openldap | Openldap | All | All | All | All |
| Application | Openldap | Openldap | All | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Oracle | Solaris | 10 | All | All | All |
| Operating System | Oracle | Solaris | 11 | All | All | All |
| Application | Oracle | Zfs Storage Appliance Kit | 8.8 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| USN-4352-1: OpenLDAP vulnerability | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| [SECURITY] [DLA 2199-1] openldap security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| USN-4352-2: OpenLDAP vulnerability | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| ITS#9202 limit depth of nested filters (98464c11) · Commits · openldap / OpenLDAP · GitLab | CONFIRM | git.openldap.org | Patch, Vendor Advisory |
| [security-announce] openSUSE-SU-2020:0647-1: important: Security update | SUSE | lists.opensuse.org | |
| Debian -- Security Information -- DSA-4666-1 openldap | DEBIAN | www.debian.org | Third Party Advisory |
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | |
| CHANGES · OPENLDAP_REL_ENG_2_4 · openldap / OpenLDAP · GitLab | CONFIRM | git.openldap.org | Release Notes, Vendor Advisory |
| CVE-2020-12243 OpenLDAP Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra - Apple Support | CONFIRM | support.apple.com | |
| 9202 – Should limit depth of nested filters | MISC | bugs.openldap.org | Exploit, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296074 Oracle Solaris 11.4 Support Repository Update (SRU) 22.69.4 Missing (CPUAPR2020)
- 377447 Alibaba Cloud Linux Security Update for openldap (ALINUX2-SA-2020:0158)
- 500479 Alpine Linux Security Update for openldap
- 504237 Alpine Linux Security Update for openldap
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)