CVE-2020-36228

CWE-19112 documents9 sources

Severity

7.5HIGH

EPSS

66.2%

top 1.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Openldap Openldap Debian Debian Linux

Timeline

PublishedJan 26

Latest updateAug 17

Description

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDopenldap/openldap< 2.4.57

▶Debianopenldap< 2.4.57+dfsg-1+3

▶NVDapple/macos11.1 — 11.4

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: git.openldap.org ↗Patch: git.openldap.org ↗

🔴Vulnerability Details

GHSA

GHSA-46gp-cxcx-7c88: An integer underflow was discovered in OpenLDAP before 2↗2022-05-24

▶

OSV

CVE-2020-36228: An integer underflow was discovered in OpenLDAP before 2↗2021-01-26

▶

CVEList

CVE-2020-36228: An integer underflow was discovered in OpenLDAP before 2↗2021-01-25

▶

📋Vendor Advisories

Ubuntu

OpenLDAP vulnerabilities↗2025-08-17

▶

Apple

CVE-2020-36228: Security Update 2021-004 Mojave↗2021-05-24

▶

Apple

CVE-2020-36228: macOS Big Sur 11.4↗2021-05-24

▶

Apple

CVE-2020-36228: Security Update 2021-003 Catalina↗2021-05-24

▶

Ubuntu

OpenLDAP vulnerabilities↗2021-02-08

▶