CVE-2020-25709
Published 2021-05-18
Priority: P3 · 43 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 2.86% (85.0th percentile)
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.14.0 < 10.14.6 | 10.14.6 |
| apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.0 < 11.0.1 | 11.0.1 |
| apple | macos_big_sur_11.2_security_update_2021-001_catalina_security_update_2021-001_mo | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openldap | < openldap 2.4.56+dfsg-1 (bookworm) | openldap 2.4.56+dfsg-1 (bookworm) |
| openldap | openldap | < 2.4.56 | 2.4.56 |
| openldap | openldap | — | — |
| openldap | openldap | >= 0 < 2.4.56+dfsg-1 | 2.4.56+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.56+dfsg-1 | 2.4.56+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.56+dfsg-1 | 2.4.56+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.56+dfsg-1 | 2.4.56+dfsg-1 |
CVSS provenance
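| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |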
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
ICS Advisory
Release Date: December 14, 2023
Alert Code: ICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
CISA ICS
Hitachi Energy System Data Manager
cisa_ics·2022-04-26·CVSS 7.5
[HIGH] Hitachi Energy System Data Manager
ICS Advisory
Last Revised: April 26, 2022
Alert Code: ICSA-22-116-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: System Data Manager – SDM600
- Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to eavesdrop on traffic or to cause a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 A
Apple
CVE-2020-25709: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
vendor_apple·2021-02-01·CVSS 7.5
CVE-2020-25709 [HIGH] CVE-2020-25709: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
Apple Security Update: About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
Product: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
CVE: CVE-2020-25709
Component: CVE-2020-25709
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2020-11-23
CVE-2020-25709 OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: OpenLDAP could be made to crash if it received specially crafted network
traffic.
USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled certain malformed
inputs. A remote attacker could possibly use this issue to cause OpenLDAP
to crash, resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2020-11-17
CVE-2020-25709 OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: OpenLDAP could be made to crash if it received specially crafted network
traffic.
It was discovered that OpenLDAP incorrectly handled certain malformed
inputs. A remote attacker could possibly use this issue to cause OpenLDAP
to crash, resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
openldap: assertion failure in Certificate List syntax validation
vendor_redhat·2020-11-02·CVSS 7.5
CVE-2020-25709 [HIGH] CWE-617 openldap: assertion failure in Certificate List syntax validation
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
Statement: This flaw does not affect Red Hat Enterprise Linux 8 because the slapd server is not shipped in the Red Hat Enterprise Linux 8 repositories.
Mitigation: Mitigation for this issue is either not available or the currently available options do no
Debian
CVE-2020-25709: openldap - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malici...
vendor_debian·2020·CVSS 7.5
CVE-2020-25709 [HIGH] CVE-2020-25709: openldap - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malici...
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
Scope: local
bookworm: resolved (fixed in 2.4.56+dfsg-1)
bullseye: resolved (fixed in 2.4.56+dfsg-1)
forky: resolved (fixed in 2.4.56+dfsg-1)
sid: resolved (fixed in 2.4.56+dfsg-1)
trixie: resolved (fixed in 2.4.56+dfsg-1)
GHSA
GHSA-cpm7-pgmm-3mfr: A flaw was found in OpenLDAP
ghsa_unreviewed·2022-05-24
CVE-2020-25709 [HIGH] CWE-617 GHSA-cpm7-pgmm-3mfr: A flaw was found in OpenLDAP
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
OSV
CVE-2020-25709: A flaw was found in OpenLDAP
osv·2021-05-18·CVSS 7.5
CVE-2020-25709 [HIGH] CVE-2020-25709: A flaw was found in OpenLDAP
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-22185 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-22185 [HIGH] CVE-2026-22185 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22185: OpenLDAP vulnerability analysis and mitigation
OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.
Source: NVD
Score: 4.6
Published: January 7, 2026
Severity: MEDIUM
CNA Score: 4.6
Affected Technologies: OpenLDAP, Linux Debian
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EP
Bugzilla
CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation
bugzilla·2020-11-19·CVSS 7.5
CVE-2020-25709 [HIGH] CVE-2020-25709 openldap: assertion failure in Certificate List syntax validation
A malicious packet can force OpenLDAP to fail an assertion in the certificateListValidate function in servers/slapd/schema_init.c.
Reference:
https://bugs.openldap.org/show_bug.cgi?id=9383
Upstream patch:
https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65
Discussion:
External References:
https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c
---
Statement:
This flaw does not affect Red Hat Enterprise Linux 8 because the slapd server is not shipped in the Red Hat Enterprise Linux 8 repositories.
---
This bug is now closed. Further updates for individual products will be reflected on th
References
- http://seclists.org/fulldisclosure/2021/Feb/14
- https://bugzilla.redhat.com/show_bug.cgi?id=1899675
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html
- https://security.netapp.com/advisory/ntap-20210716-0003/
- https://support.apple.com/kb/HT212147
- https://www.debian.org/security/2020/dsa-4792