CVE-2020-36230
published 2021-01-26CVE-2020-36230: A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in…
PriorityP344high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
12.29%
95.7th percentile
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | bookkeeper | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.14.0 < 10.14.6 | 10.14.6 |
| apple | macos | >= 11.1 < 11.4 | 11.4 |
| apple | macos_big_sur | — | — |
| apple | security_update_2021-003_catalina | — | — |
| apple | security_update_2021-004_mojave | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openldap | < openldap 2.4.57+dfsg-1 (bookworm) | openldap 2.4.57+dfsg-1 (bookworm) |
| msrc | cm1_openldap_2.4.57-2_on_cbl_mariner_1.0 | — | — |
| openldap | openldap | < 2.4.57 | 2.4.57 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-1 | 2.4.57+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-1 | 2.4.57+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-1 | 2.4.57+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-1 | 2.4.57+dfsg-1 |
| openldap | openldap | >= 0 < 2.4.42+dfsg-2ubuntu3.12 | 2.4.42+dfsg-2ubuntu3.12 |
| openldap | openldap | >= 0 < 2.4.45+dfsg-1ubuntu1.9 | 2.4.45+dfsg-1ubuntu1.9 |
| openldap | openldap | >= 0 < 2.4.49+dfsg-2ubuntu1.6 | 2.4.49+dfsg-2ubuntu1.6 |
| openldap | openldap | >= 0 < 2.4.31-1+nmu2ubuntu8.5+esm8 | 2.4.31-1+nmu2ubuntu8.5+esm8 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2025-08-24·CVSS 7.5
CVE-2021-27212 [HIGH] OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: Several security issues were fixed in OpenLDAP.
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A
remote attacker could possibly use this issue to cause OpenLDAP to crash,
resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230)
Pasi Saarinen discovered that OpenLDAP incorrectly handled certain short
timestamps. A remote attacker could possibly use this issue to cause
OpenLDAP to crash, resulting in a denial of service. (CVE-2021-27212)
Instructions: In general, a standard system update will make all the necessary changes.
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Release DateDecember 14, 2023
Alert CodeICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
CISA ICS
Hitachi Energy System Data Manager
cisa_ics·2022-04-26·CVSS 7.5
[HIGH] Hitachi Energy System Data Manager
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hitachi Energy System Data Manager
Last RevisedApril 26, 2022
Alert CodeICSA-22-116-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: System Data Manager – SDM600
- Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to eavesdrop on traffic or to cause a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 A
CISA ICS
Hitachi Energy RTU500 OpenLDAP
cisa_ics·2022-01-06·CVSS 7.5
[HIGH] Hitachi Energy RTU500 OpenLDAP
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Hitachi Energy RTU500 OpenLDAP
Last RevisedJanuary 06, 2022
Alert CodeICSA-21-341-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: RTU500 Series
- Vulnerabilities: Type Confusion, Reachable Assertion
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause a denial-of-service condition in the affected version of the RTU500 series product.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of RTU500 Series, a remote terminal unit, are affec
Apple
CVE-2020-36230: macOS Big Sur 11.4
vendor_apple·2021-05-24·CVSS 7.5
CVE-2020-36230 [HIGH] CVE-2020-36230: macOS Big Sur 11.4
Apple Security Update: About the security content of macOS Big Sur 11.4
Product: macOS Big Sur
Version: 11.4
CVE: CVE-2020-36230
Component: CVE-2020-36230
Apple
CVE-2020-36230: Security Update 2021-003 Catalina
vendor_apple·2021-05-24·CVSS 7.5
CVE-2020-36230 [HIGH] CVE-2020-36230: Security Update 2021-003 Catalina
Apple Security Update: About the security content of Security Update 2021-003 Catalina
Product: Security Update 2021-003 Catalina
CVE: CVE-2020-36230
Component: CVE-2020-36230
Apple
CVE-2020-36230: Security Update 2021-004 Mojave
vendor_apple·2021-05-24·CVSS 7.5
CVE-2020-36230 [HIGH] CVE-2020-36230: Security Update 2021-004 Mojave
Apple Security Update: About the security content of Security Update 2021-004 Mojave
Product: Security Update 2021-004 Mojave
CVE: CVE-2020-36230
Component: CVE-2020-36230
Ubuntu
OpenLDAP vulnerabilities
vendor_ubuntu·2021-02-08·CVSS 7.5
CVE-2020-36223 [HIGH] OpenLDAP vulnerabilities
Title: OpenLDAP vulnerabilities
Summary: Several security issues were fixed in OpenLDAP.
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. A remote attacker could possibly use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. A remote attacker could use this issue to cause OpenLDAP to
crash, resulting in a denial of service, or possibly execute arbit
Red Hat
openldap: Assertion failure in ber_next_element in decode.c
vendor_redhat·2021-01-26·CVSS 7.5
CVE-2020-36230 [HIGH] CWE-617 openldap: Assertion failure in ber_next_element in decode.c
openldap: Assertion failure in ber_next_element in decode.c
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
Statement: This flaw does not affect openldap as shipped with Red Hat Enterprise Linux 8 because the slapd server is not shipped. While Red Hat Enterprise Linux 7 does ship the slapd server, this flaw is out of support scope for Red Hat Enterprise Linux 7 and earlier. For more information on support scope, see https://access.redhat.com/support/policy/updates/errata/ .
Package: compat-openldap (Red Hat Enterprise Linux 6) - Out of support scope
Package: openldap (Red Hat Enterprise Linux 6) - Out of support scope
Package: compat-openldap (Red Hat Enterpri
Microsoft
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element resulting in denial of service.
vendor_msrc·2021-01-12·CVSS 7.5
CVE-2020-36230 [HIGH] CWE-617 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element resulting in denial of service.
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element resulting in denial of service.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mari
Debian
CVE-2020-36230: openldap - A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure ...
vendor_debian·2020·CVSS 7.5
CVE-2020-36230 [HIGH] CVE-2020-36230: openldap - A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure ...
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
Scope: local
bookworm: resolved (fixed in 2.4.57+dfsg-1)
bullseye: resolved (fixed in 2.4.57+dfsg-1)
forky: resolved (fixed in 2.4.57+dfsg-1)
sid: resolved (fixed in 2.4.57+dfsg-1)
trixie: resolved (fixed in 2.4.57+dfsg-1)
OSV
openldap vulnerabilities
osv·2025-08-24·CVSS 7.5
CVE-2020-36229 [HIGH] openldap vulnerabilities
openldap vulnerabilities
It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A
remote attacker could possibly use this issue to cause OpenLDAP to crash,
resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230)
Pasi Saarinen discovered that OpenLDAP incorrectly handled certain short
timestamps. A remote attacker could possibly use this issue to cause
OpenLDAP to crash, resulting in a denial of service. (CVE-2021-27212)
GHSA
GHSA-5g5w-44wh-969g: A flaw was discovered in OpenLDAP before 2
ghsa_unreviewed·2022-05-24
CVE-2020-36230 [HIGH] CWE-617 GHSA-5g5w-44wh-969g: A flaw was discovered in OpenLDAP before 2
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
OSV
openldap vulnerabilities
osv·2021-02-08·CVSS 7.5
CVE-2020-36221 [HIGH] openldap vulnerabilities
openldap vulnerabilities
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. A remote attacker could possibly use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. A remote attacker could use this issue to cause OpenLDAP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-36223)
It was discovered that OpenLDAP inco
OSV
CVE-2020-36230: A flaw was discovered in OpenLDAP before 2
osv·2021-01-26·CVSS 7.5
CVE-2020-36230 [HIGH] CVE-2020-36230: A flaw was discovered in OpenLDAP before 2
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2021/May/64http://seclists.org/fulldisclosure/2021/May/65http://seclists.org/fulldisclosure/2021/May/70https://bugs.openldap.org/show_bug.cgi?id=9423https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2021/02/msg00005.htmlhttps://security.netapp.com/advisory/ntap-20210226-0002/https://support.apple.com/kb/HT212529https://support.apple.com/kb/HT212530https://support.apple.com/kb/HT212531https://www.debian.org/security/2021/dsa-4845http://seclists.org/fulldisclosure/2021/May/64http://seclists.org/fulldisclosure/2021/May/65http://seclists.org/fulldisclosure/2021/May/70https://bugs.openldap.org/show_bug.cgi?id=9423https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2021/02/msg00005.htmlhttps://security.netapp.com/advisory/ntap-20210226-0002/https://support.apple.com/kb/HT212529https://support.apple.com/kb/HT212530https://support.apple.com/kb/HT212531https://www.debian.org/security/2021/dsa-4845
2021-01-26
Published