OpenLDAP < 2.4.57 Multiple DoS Vulnerabilities

Information

Severity

Medium

Family

Denial of Service

CVSSv2 Base

5.0

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Vendor Patch

Created

2 years ago

Modified

2 years ago

Summary

OpenLDAP is prone to multiple denial of service (DoS) vulnerabilities.

Insight

The following vulnerabilities exist:

- CVE-2020-36221: Integer underflow leading to slapd crashes in the Certificate Exact Assertion processing
- CVE-2020-36222: Assertion failure in slapd in the saslAuthzTo validation
- CVE-2020-36223: slapd crash in the Values Return Filter control handling
- CVE-2020-36224: Invalid pointer free and slapd crash in the saslAuthzTo processing
- CVE-2020-36225: Double free and slapd crash in the saslAuthzTo processing
- CVE-2020-36226: memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing
- CVE-2020-36227: Infinite loop in slapd with the cancel_extop Cancel operation
- CVE-2020-36228: Integer underflow leading to a slapd crash in the Certificate List Exact Assertion processing
- CVE-2020-36229: slapd crash in the X.509 DN parsing in ad_keystring
- CVE-2020-36230: Assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element

Affected Software

OpenLDAP prior to version 2.4.57.

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Update to version 2.4.57 or later.