CVE-2020-12243

CWE-674 — Uncontrolled Recursion CWE-400 — Uncontrolled Resource Consumption11 documents9 sources

Severity

7.5HIGH

EPSS

10.8%

top 6.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Openldap Openldap Canonical Ubuntu Linux +4 more

Timeline

PublishedApr 28

Latest updateMay 24

Description

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDopenldap/openldap< 2.4.50

▶Debianopenldap< 2.4.50+dfsg-1+3

▶NVDapple/mac_os_x10.13.0 — 10.13.6+4

▶NVDopensuse/leap15.1

▶NVDoracle/solaris10, 11+1

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10, 20.04

Patches

Patch: bugs.openldap.org ↗Patch: git.openldap.org ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-v3qx-x9jr-g987: In filter↗2022-05-24

▶

CVEList

CVE-2020-12243: In filter↗2020-04-28

▶

OSV

CVE-2020-12243: In filter↗2020-04-28

▶

📋Vendor Advisories

Apple

CVE-2020-12243: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra↗2020-07-15

▶

Ubuntu

OpenLDAP vulnerability↗2020-05-06

▶

Ubuntu

OpenLDAP vulnerability↗2020-05-06

▶

Red Hat

openldap: denial of service via nested boolean expressions in LDAP search filters↗2020-04-28

▶

Debian

CVE-2020-12243: openldap - In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested ...↗2020

▶

💬Community

Bugzilla

CVE-2020-12243 openldap: denial of service via nested boolean expressions in LDAP search filters↗2020-05-08

▶

Bugzilla

CVE-2020-12243 openldap: denial of service via nested boolean expressions in LDAP search filters [fedora-all]↗2020-05-08

▶