CVE-2020-25692

CWE-476 — NULL Pointer Dereference10 documents9 sources

Severity

7.5HIGH

EPSS

6.2%

top 9.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Openldap Redhat Enterprise Linux

Timeline

PublishedDec 8

Latest updateMay 24

Description

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDopenldap/openldap< 2.4.55

▶Debianopenldap< 2.4.55+dfsg-1+3

▶CVEListV5openldapopenldap 2.4.55

Also affects: Enterprise Linux 5.0, 6.0, 7.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-73cr-r2gx-wgq6: A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2↗2022-05-24

▶

CVEList

CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2↗2020-12-08

▶

OSV

CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2↗2020-12-08

▶

📋Vendor Advisories

Microsoft

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55 during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sendi↗2020-12-08

▶

Ubuntu

OpenLDAP vulnerability↗2020-11-11

▶

Ubuntu

OpenLDAP vulnerability↗2020-11-09

▶

Red Hat

openldap: NULL pointer dereference for unauthenticated packet in slapd↗2020-10-19

▶

Debian

CVE-2020-25692: openldap - A NULL pointer dereference was found in OpenLDAP server and was fixed in openlda...↗2020

▶

💬Community

Bugzilla

CVE-2020-25692 openldap: NULL pointer dereference for unauthenticated packet in slapd↗2020-11-04

▶