CVE-2020-12243
published 2020-04-28
CVE-2020-12243: In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
high 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.13.0 < 10.13.6 | 10.13.6 |
| apple | mac_os_x | >= 10.14.0 < 10.14.6 | 10.14.6 |
| apple | mac_os_x | >= 10.15 < 10.15.6 | 10.15.6 |
| apple | macos_catalina_10.15.6_security_update_2020-004_mojave_security_update_2020-004 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openldap | < openldap 2.4.50+dfsg-1 (bookworm) | openldap 2.4.50+dfsg-1 (bookworm) |
| openldap | openldap | < 2.4.50 | 2.4.50 |
| openldap | openldap | >= 0 < 2.4.50+dfsg-1 | 2.4.50+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.50+dfsg-1 | 2.4.50+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.50+dfsg-1 | 2.4.50+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.50+dfsg-1 | 2.4.50+dfsg-1 |
| opensuse | leap | — | — |
| oracle | solaris | — | — |
| oracle | solaris | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 7.5 HIGH