CVE-2020-25710

CWE-617 — Reachable Assertion8 documents7 sources

Severity

7.5HIGH

EPSS

17.5%

top 4.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Openldap Debian Debian Linux Fedoraproject Fedora +3 more

Timeline

PublishedMay 28

Latest updateMay 24

Description

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDopenldap/openldap< 2.4.56

▶Debianopenldap< 2.4.56+dfsg-1+3

▶CVEListV5openldapopenldap 2.4.56

▶NVDredhat/jboss_enterprise_web_server2.0.0

▶NVDredhat/jboss_enterprise_application_platform5.0.0

Also affects: Debian Linux 9.0, Fedora 33, Enterprise Linux 5.0, 6.0, 7.0

Patches

Patch: bugzilla.redhat.com ↗Patch: git.openldap.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-8wg3-gqcw-9fq9: A flaw was found in OpenLDAP in versions before 2↗2022-05-24

▶

OSV

CVE-2020-25710: A flaw was found in OpenLDAP in versions before 2↗2021-05-28

▶

CVEList

CVE-2020-25710: A flaw was found in OpenLDAP in versions before 2↗2021-05-28

▶

📋Vendor Advisories

Ubuntu

OpenLDAP vulnerabilities↗2020-11-23

▶

Ubuntu

OpenLDAP vulnerabilities↗2020-11-17

▶

Red Hat

openldap: assertion failure in CSN normalization with invalid input↗2020-11-02

▶

Debian

CVE-2020-25710: openldap - A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an atta...↗2020

▶