Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-25710

Опубликовано: 02 нояб. 2020
Источник: redhat
CVSS3: 7.5
EPSS Средний

Описание

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

A flaw was found in OpenLDAP. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

Отчет

This flaw does not affect Red Hat Enterprise Linux 8 because the slapd server is not shipped in the Red Hat Enterprise Linux 8 repositories.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5openldapOut of support scope
Red Hat Enterprise Linux 5openldap24-libsOut of support scope
Red Hat Enterprise Linux 6compat-openldapOut of support scope
Red Hat Enterprise Linux 6openldapOut of support scope
Red Hat Enterprise Linux 7compat-openldapOut of support scope
Red Hat Enterprise Linux 8openldapNot affected
Red Hat JBoss Core ServicesopenldapNot affected
Red Hat JBoss Enterprise Application Platform 5openldapOut of support scope
Red Hat JBoss Enterprise Web Server 2openldapOut of support scope
Red Hat Enterprise Linux 7openldapFixedRHSA-2022:062122.02.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-617
https://bugzilla.redhat.com/show_bug.cgi?id=1899678openldap: assertion failure in CSN normalization with invalid input

EPSS

Процентиль: 95%
0.15495
Средний

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-25710

CVSS3: 7.5
ubuntu
почти 5 лет назад

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

nvd логотип

CVE-2020-25710

CVSS3: 7.5
nvd
почти 5 лет назад

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2020-25710

CVSS3: 7.5
debian
почти 5 лет назад

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allo ...

github логотип

GHSA-8wg3-gqcw-9fq9

github
почти 4 года назад

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

fstec логотип

BDU:2022-00230

CVSS3: 7.5
fstec
больше 5 лет назад

Уязвимость функции csnNormalize23() реализации протокола LDAP OpenLDAP, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 95%
0.15495
Средний

7.5 High

CVSS3