A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
AV:N/AC:L/Au:N/C:N/I:N/A:P
| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | CWE-617 |
| Vendor | Product | Version | Type |
|---|---|---|---|
| openldap | openldap | * | Application |
| redhat | jboss_core_services | - | Application |
| redhat | jboss_enterprise_application_platform | 5.0.0 | Application |
| redhat | jboss_enterprise_web_server | 2.0.0 | Application |
| redhat | enterprise_linux | 5.0 | Operating System |
| redhat | enterprise_linux | 6.0 | Operating System |
| redhat | enterprise_linux | 7.0 | Operating System |
| debian | debian_linux | 9.0 | Operating System |
| fedoraproject | fedora | 33 | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |