CVE-2021-27212
published 2021-02-14

Priority: P3 56 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 64.15% (99.1th percentile)

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

Affected

19 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | openldap | < openldap 2.4.57+dfsg-2 (bookworm) | openldap 2.4.57+dfsg-2 (bookworm) |
| msrc | openldap-2.4.57-2.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | | |
| msrc | openldap-2.4.57-2.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | | |
| msrc | openldap-2.4.57-6.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | | |
| msrc | openldap-2.4.57-6.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | | |
| msrc | openldap-debuginfo-2.4.57-2.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | | |
| msrc | openldap-debuginfo-2.4.57-2.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | | |
| msrc | openldap-debuginfo-2.4.57-6.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | | |
| msrc | openldap-debuginfo-2.4.57-6.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | | |
| openldap | openldap | <= 2.4.57 | |
| openldap | openldap | | |
| openldap | openldap | | |
| openldap | openldap | >= 0 < 2.4.57+dfsg-2 | 2.4.57+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-2 | 2.4.57+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-2 | 2.4.57+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.57+dfsg-2 | 2.4.57+dfsg-2 |
| openldap | openldap | >= 0 < 2.4.31-1+nmu2ubuntu8.5+esm8 | 2.4.31-1+nmu2ubuntu8.5+esm8 |

Detection & IOCs (extracted from sources)

  • Trigger point is the issuerAndThisUpdateCheck function in slapd — an assertion failure there (via schema_init.c / checkTime) indicates exploitation of this CVE
  • The attack vector is a crafted network packet containing a short/malformed timestamp sent to the slapd LDAP daemon; monitor slapd process for unexpected assertion-triggered exits
  • OpenLDAP incorrectly handled certain short timestamps — inspect LDAP traffic for anomalously short timestamp fields in X.509-related requests (e.g., CRL/OCSP thisUpdate fields)
  • Red Hat Enterprise Linux 8 and 9 are NOT affected because the OpenLDAP-servers package (which contains slapd) was not shipped; only client-side openldap packages are present
  • Vulnerable versions are OpenLDAP ≤ 2.4.57 and 2.5.x through 2.5.1alpha; Debian fixed the issue in 2.4.57+dfsg-2

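CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |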