CVE-2020-25710 — HIGH (7.5)

Q: How severe is CVE-2020-25710?

CVE-2020-25710 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-25710?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Redhat Jboss Core Services, Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Web Server, Redhat Enterprise Linux.

Vulnerability Description

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openldap	Openldap	< 2.4.56
Redhat	Jboss Core Services	-
Redhat	Jboss Enterprise Application Platform	5.0.0
Redhat	Jboss Enterprise Web Server	2.0.0
Redhat	Enterprise Linux	5.0
Debian	Debian Linux	9.0
Fedoraproject	Fedora	33

Related Weaknesses (CWE)

CWE-617

References

https://bugzilla.redhat.com/show_bug.cgi?id=1899678Issue TrackingPatchThird Party Advisory
https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5cPatchVendor Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
https://lists.debian.org/debian-lts-announce/2020/12/msg00008.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20210716-0003/Third Party Advisory
https://www.debian.org/security/2020/dsa-4792Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1899678Issue TrackingPatchThird Party Advisory
https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5cPatchVendor Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
https://lists.debian.org/debian-lts-announce/2020/12/msg00008.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20210716-0003/Third Party Advisory
https://www.debian.org/security/2020/dsa-4792Third Party Advisory

FAQ

What is CVE-2020-25710?

CVE-2020-25710 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest thr...

How severe is CVE-2020-25710?

CVE-2020-25710 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-25710?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Redhat Jboss Core Services, Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Web Server, Redhat Enterprise Linux.