CVE-2020-36230

Summary

CVE	CVE-2020-36230
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-01-26 18:15:00 UTC
Updated	2023-11-07 03:22:00 UTC
Description	A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

Risk And Classification

Problem Types: CWE-617

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Bookkeeper	4.12.1	All	All	All
Operating System	Apple	Macos	All	All	All	All
Operating System	Apple	Mac Os X	All	All	All	All
Operating System	Apple	Mac Os X	10.14.6	-	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-004	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-005	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-006	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-007	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-001	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-002	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-003	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-004	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-005	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-006	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-007	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2021-001	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2021-002	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2021-003	All	All
Operating System	Apple	Mac Os X	10.14.6	supplemental_update	All	All
Operating System	Apple	Mac Os X	10.14.6	supplemental_update_2	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Openldap	Openldap	All	All	All	All
Application	Openldap	Openldap	All	All	All	All

References

Reference	Source	Link	Tags
OPENLDAP_REL_ENG_2_4_57 · Tags · openldap / OpenLDAP · GitLab	MISC	git.openldap.org	Release Notes, Vendor Advisory
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
About the security content of macOS Big Sur 11.4 - Apple Support	CONFIRM	support.apple.com
ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN count (8c1d96ee) · Commits · openldap / OpenLDAP · GitLab	MISC	git.openldap.org	Patch, Vendor Advisory
Debian -- Security Information -- DSA-4845-1 openldap	DEBIAN	www.debian.org	Third Party Advisory
Full Disclosure: APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave	FULLDISC	seclists.org
Full Disclosure: APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina	FULLDISC	seclists.org
February 2021 OpenLDAP Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Third Party Advisory
Pony Mail!	MLIST	lists.apache.org
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8		lists.apache.org
About the security content of Security Update 2021-003 Catalina - Apple Support	CONFIRM	support.apple.com
Full Disclosure: APPLE-SA-2021-05-25-2 macOS Big Sur 11.4	FULLDISC	seclists.org
[SECURITY] [DLA 2544-1] openldap security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
9423 – Assertion failure when decoding in ldap_X509dn2bv	MISC	bugs.openldap.org	Issue Tracking, Vendor Advisory
About the security content of Security Update 2021-004 Mojave - Apple Support	CONFIRM	support.apple.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

174780 SUSE Enterprise Linux Security update for openldap2 (SUSE-SU-2021:0692-1)
174783 SUSE Enterprise Linux Security update for openldap2 (SUSE-SU-2021:0723-1)
174918 SUSE Enterprise Linux Security Update for openldap2 (SUSE-SU-2021:14700-1)
296069 Oracle Solaris 11.4 Support Repository Update (SRU) 31.88.5 Missing (CPUJAN2021)
354907 Amazon Linux Security Advisory for openldap : ALAS2-2023-2033
354925 Amazon Linux Security Advisory for openldap : ALAS-2023-1741
355082 Amazon Linux Security Advisory for openldap : AL2012-2023-407
375585 Apple macOS Security Update 2021-004 Mojave (HT212531)
375586 Apple macOS Security Update 2021-003 Catalina (HT212530)
375588 Apple MacOS Big Sur 11.4 Not Installed (HT212529)
501459 Alpine Linux Security Update for openldap
504239 Alpine Linux Security Update for openldap
590970 Hitachi Energy RTU500 OpenLDAP Multiple Vulnerabilities (ICSA-21-341-01)
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
670252 EulerOS Security Update for openldap (EulerOS-SA-2021-1824)
670318 EulerOS Security Update for openldap (EulerOS-SA-2021-1906)
670343 EulerOS Security Update for openldap (EulerOS-SA-2021-1881)
670657 EulerOS Security Update for openldap (EulerOS-SA-2021-2415)
730121 McAfee Web Gateway Multiple Vulnerabilities (WP-3484,WP-3744,WP-3745,WP-3746,WP-3747,WP-3793,WP-3800)
750317 OpenSUSE Security Update for openldap2 (openSUSE-SU-2021:0408-1)
900145 CBL-Mariner Linux Security Update for openldap 2.4.50
903005 Common Base Linux Mariner (CBL-Mariner) Security Update for openldap (3830)