CVE-2020-36221 — HIGH (7.5)

Q: How severe is CVE-2020-36221?

CVE-2020-36221 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-36221?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Debian Debian Linux, Apple Mac Os X, Apple Macos.

Vulnerability Description

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openldap	Openldap	< 2.4.57
Debian	Debian Linux	9.0
Apple	Mac Os X	>= 10.14.0, < 10.14.6
Apple	Macos	>= 11.1, < 11.4

Related Weaknesses (CWE)

CWE-191

References

http://seclists.org/fulldisclosure/2021/May/64Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2021/May/65Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2021/May/70Mailing ListThird Party Advisory
https://bugs.openldap.org/show_bug.cgi?id=9404Issue TrackingVendor Advisory
https://bugs.openldap.org/show_bug.cgi?id=9424Issue TrackingVendor Advisory
https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2PatchVendor Advisory
https://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4PatchVendor Advisory
https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57Release NotesVendor Advisory
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
https://lists.debian.org/debian-lts-announce/2021/02/msg00005.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20210226-0002/Third Party Advisory
https://support.apple.com/kb/HT212529Third Party Advisory
https://support.apple.com/kb/HT212530Third Party Advisory
https://support.apple.com/kb/HT212531Third Party Advisory

FAQ

What is CVE-2020-36221?

CVE-2020-36221 is a vulnerability with a CVSS score of 7.5 (HIGH). An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssue...

How severe is CVE-2020-36221?

CVE-2020-36221 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-36221?

Check the references section above for vendor advisories and patch information. Affected products include: Openldap Openldap, Debian Debian Linux, Apple Mac Os X, Apple Macos.