CVE-2020-25710
published 2021-05-28
high 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | openldap | < openldap 2.4.56+dfsg-1 (bookworm) | openldap 2.4.56+dfsg-1 (bookworm) |
| fedoraproject | fedora | — | — |
| openldap | openldap | < 2.4.56 | 2.4.56 |
| openldap | openldap | — | — |
| openldap | openldap | >= 0 < 2.4.56+dfsg-1 | 2.4.56+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.56+dfsg-1 | 2.4.56+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.56+dfsg-1 | 2.4.56+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.56+dfsg-1 | 2.4.56+dfsg-1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_web_server | — | — |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv 7.5 HIGH