CVE-2020-36228
published 2021-01-26CVE-2020-36228: An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial…
PriorityP356high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
83.38%
99.6th percentile
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | >= 11.1 < 11.4 | 11.4 |
| apple | macos_big_sur | — | — |
| apple | security_update_2021-003_catalina | — | — |
| apple | security_update_2021-004_mojave | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openldap | < openldap 2.4.57+dfsg-1 (bookworm) | openldap 2.4.57+dfsg-1 (bookworm) |
| msrc | cm1_openldap_2.4.57-2_on_cbl_mariner_1.0 | — | — |
| openldap | openldap | < 2.4.57 | 2.4.57 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-1 | 2.4.57+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-1 | 2.4.57+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-1 | 2.4.57+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-1 | 2.4.57+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2ubuntu3.12 | 2.4.42+dfsg-2ubuntu3.12 |
| openldap | openldap | >= 0 < 2.4.45+dfsg-1ubuntu1.9 | 2.4.45+dfsg-1ubuntu1.9 |
| openldap | openldap | >= 0 < 2.4.49+dfsg-2ubuntu1.6 | 2.4.49+dfsg-2ubuntu1.6 |
| openldap | openldap | >= 0 < 2.4.31-1+nmu2ubuntu8.5+esm7 | 2.4.31-1+nmu2ubuntu8.5+esm7 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in the Certificate List Exact Assertion processing path within slapd (OpenLDAP daemon); monitor for unexpected slapd crashes which may indicate exploitation attempts triggering the integer underflow in issuerAndThisUpdateCheck in schema_init.c ↗
- →Affected function is issuerAndThisUpdateCheck in schema_init.c; focus code review and runtime monitoring on this function within slapd ↗
- ·Red Hat Enterprise Linux 8 and 9 are not affected because the slapd server is not shipped in those versions; only environments running slapd (e.g., RHEL 6/7, Debian, macOS, Azure Linux/CBL-Mariner) are at risk ↗
- ·Fixed in OpenLDAP 2.4.57; ensure slapd is upgraded to at least this version across all affected platforms ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
openldap vulnerabilities
osv·2025-08-17·CVSS 7.5
CVE-2020-36221 [HIGH] openldap vulnerabilities
openldap vulnerabilities
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. A remote attacker could possibly use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. A remote attacker could use this issue to cause OpenLDAP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-36223)
It was discovered that OpenLDAP inco
GHSA
GHSA-46gp-cxcx-7c88: An integer underflow was discovered in OpenLDAP before 2
ghsa_unreviewed·2022-05-24
CVE-2020-36228 [HIGH] CWE-191 GHSA-46gp-cxcx-7c88: An integer underflow was discovered in OpenLDAP before 2
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
OSV
openldap vulnerabilities
osv·2021-02-08·CVSS 7.5
CVE-2020-36221 [HIGH] openldap vulnerabilities
openldap vulnerabilities
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. A remote attacker could possibly use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. A remote attacker could use this issue to cause OpenLDAP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-36223)
It was discovered that OpenLDAP inco
OSV
CVE-2020-36228: An integer underflow was discovered in OpenLDAP before 2
osv·2021-01-26·CVSS 7.5
CVE-2020-36228 [HIGH] CVE-2020-36228: An integer underflow was discovered in OpenLDAP before 2
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2025-08-17·CVSS 7.5
CVE-2020-36221 [HIGH] OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: Several security issues were fixed in OpenLDAP.
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. A remote attacker could possibly use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. A remote attacker could use this issue to cause OpenLDAP to
crash, resulting in a denial of service, or possibly execute arbit
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Release DateDecember 14, 2023
Alert CodeICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Apple
CVE-2020-36228: Security Update 2021-004 Mojave
vendor_apple·2021-05-24·CVSS 7.5
CVE-2020-36228 [HIGH] CVE-2020-36228: Security Update 2021-004 Mojave
Apple Security Update: About the security content of Security Update 2021-004 Mojave
Product: Security Update 2021-004 Mojave
CVE: CVE-2020-36228
Component: CVE-2020-36228
Apple
CVE-2020-36228: macOS Big Sur 11.4
vendor_apple·2021-05-24·CVSS 7.5
CVE-2020-36228 [HIGH] CVE-2020-36228: macOS Big Sur 11.4
Apple Security Update: About the security content of macOS Big Sur 11.4
Product: macOS Big Sur
Version: 11.4
CVE: CVE-2020-36228
Component: CVE-2020-36228
Apple
CVE-2020-36228: Security Update 2021-003 Catalina
vendor_apple·2021-05-24·CVSS 7.5
CVE-2020-36228 [HIGH] CVE-2020-36228: Security Update 2021-003 Catalina
Apple Security Update: About the security content of Security Update 2021-003 Catalina
Product: Security Update 2021-003 Catalina
CVE: CVE-2020-36228
Component: CVE-2020-36228
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2021-02-08·CVSS 7.5
CVE-2020-36223 [HIGH] OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: Several security issues were fixed in OpenLDAP.
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. A remote attacker could possibly use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. A remote attacker could use this issue to cause OpenLDAP to
crash, resulting in a denial of service, or possibly execute arbit
Red Hat
openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c
vendor_redhat·2021-01-26·CVSS 7.5
CVE-2020-36228 [HIGH] CWE-191 openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c
openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
Statement: This flaw does not affect openldap as shipped with Red Hat Enterprise Linux 8 because the slapd server is not shipped. While Red Hat Enterprise Linux 7 does ship the slapd server, this flaw is out of support scope for Red Hat Enterprise Linux 7 and earlier. For more information on support scope, see https://access.redhat.com/support/policy/updates/errata/ .
Package: compat-openldap (Red Hat Enterprise Linux 6) - Out of support scope
Package: openldap (Red Hat Enterprise Linux 6) - Out of support scope
Package: compat-openldap (Red Hat
Microsoft
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing resulting in denial of service.
vendor_msrc·2021-01-12·CVSS 7.5
CVE-2020-36228 [HIGH] CWE-191 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing resulting in denial of service.
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing resulting in denial of service.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner:
Debian
CVE-2020-36228: openldap - An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd...
vendor_debian·2020·CVSS 7.5
CVE-2020-36228 [HIGH] CVE-2020-36228: openldap - An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd...
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.
Scope: local
bookworm: resolved (fixed in 2.4.57+dfsg-1)
bullseye: resolved (fixed in 2.4.57+dfsg-1)
forky: resolved (fixed in 2.4.57+dfsg-1)
sid: resolved (fixed in 2.4.57+dfsg-1)
trixie: resolved (fixed in 2.4.57+dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2021/May/64http://seclists.org/fulldisclosure/2021/May/65http://seclists.org/fulldisclosure/2021/May/70https://bugs.openldap.org/show_bug.cgi?id=9427https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5adhttps://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2021/02/msg00005.htmlhttps://security.netapp.com/advisory/ntap-20210226-0002/https://support.apple.com/kb/HT212529https://support.apple.com/kb/HT212530https://support.apple.com/kb/HT212531https://www.debian.org/security/2021/dsa-4845http://seclists.org/fulldisclosure/2021/May/64http://seclists.org/fulldisclosure/2021/May/65http://seclists.org/fulldisclosure/2021/May/70https://bugs.openldap.org/show_bug.cgi?id=9427https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5adhttps://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2021/02/msg00005.htmlhttps://security.netapp.com/advisory/ntap-20210226-0002/https://support.apple.com/kb/HT212529https://support.apple.com/kb/HT212530https://support.apple.com/kb/HT212531https://www.debian.org/security/2021/dsa-4845
2021-01-26
Published