IronMonkey Threat Research

CVE-2020-25709 HIGH

Published: 2021-05-18 | Last Modified: 2024-11-21 | Status: Modified

Description

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

Additional Descriptions (1)

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Primary CWE-617 (en)

Affected Products

Vendor Product Version Update Type
openldap openldap * * Application
debian debian_linux 9.0 * Operating System
debian debian_linux 10.0 * Operating System
apple mac_os_x * * Operating System
apple mac_os_x * * Operating System
apple mac_os_x 10.14.6 - Operating System
apple mac_os_x 10.14.6 security_update_2019-004 Operating System
apple mac_os_x 10.14.6 security_update_2019-005 Operating System
apple mac_os_x 10.14.6 security_update_2019-006 Operating System
apple mac_os_x 10.14.6 security_update_2019-007 Operating System
apple mac_os_x 10.14.6 security_update_2020-001 Operating System
apple mac_os_x 10.14.6 security_update_2020-002 Operating System
apple mac_os_x 10.14.6 security_update_2020-003 Operating System
apple mac_os_x 10.14.6 security_update_2020-004 Operating System
apple mac_os_x 10.14.6 security_update_2020-005 Operating System
apple mac_os_x 10.14.6 security_update_2020-006 Operating System
apple mac_os_x 10.14.6 security_update_2020-007 Operating System
apple mac_os_x 10.15.7 - Operating System
apple mac_os_x 10.15.7 security_update_2020-005 Operating System
apple mac_os_x 10.15.7 security_update_2020-007 Operating System
apple mac_os_x 10.15.7 supplemental_update Operating System
apple macos * * Operating System
redhat jboss_core_services - * Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
Yes cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*
