Vulnerability Description
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit). The trigger is a value whose thisUpdate timestamp is too short for the checks applied to it; the failing code is in schema_init.c and involves checkTime. Because the assertion aborts the process, a single malformed request is enough to take the directory service down until slapd is restarted.
CVSS Score
7.5 (HIGH)
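The following is an added illustration of the bug class described above, not OpenLDAP's code and not the fix from the referenced commits: a GeneralizedTime validator (the timestamp syntax used by thisUpdate) that bounds-checks the length of an attribute value before touching any byte, so a short or truncated timestamp comes back as an "invalid syntax" result instead of reaching a precondition that aborts the daemon. The function names, return constants and sample values are constructed for this example.

```c
#include <assert.h>
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Example result codes; these are NOT OpenLDAP's LDAP_* values. */
#define GT_OK              0
#define GT_INVALID_SYNTAX  1

/* Shortest legal GeneralizedTime (RFC 4517): "YYYYMMDDHHZ" = 11 bytes.
 * Longest accepted here: "YYYYMMDDHHMMSS.fff+HHMM" = 23 bytes
 * (the fraction is capped at 3 digits for this example). */
#define GT_MIN_LEN 11
#define GT_MAX_LEN 23

static int all_digits(const char *s, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i])) return 0;
    return 1;
}

/* Read two ASCII digits; caller guarantees both bytes exist and are digits. */
static int two_digits(const char *s) {
    return (s[0] - '0') * 10 + (s[1] - '0');
}

/* Validate a GeneralizedTime value of explicit length `len`. The value is
 * treated like an LDAP berval: it is NOT assumed to be NUL-terminated.
 * Every byte access is preceded by a length check, so a short value such
 * as "Z" or "" returns GT_INVALID_SYNTAX instead of tripping an assert(). */
int generalized_time_check(const char *s, size_t len) {
    size_t i;

    /* The "short timestamp" case is rejected here, before any s[i] access. */
    if (s == NULL || len < GT_MIN_LEN || len > GT_MAX_LEN)
        return GT_INVALID_SYNTAX;

    /* Mandatory YYYYMMDDHH with basic range checks. */
    if (!all_digits(s, 10)) return GT_INVALID_SYNTAX;
    {
        int month = two_digits(s + 4), day = two_digits(s + 6), hour = two_digits(s + 8);
        if (month < 1 || month > 12 || day < 1 || day > 31 || hour > 23)
            return GT_INVALID_SYNTAX;
    }
    i = 10;

    /* Optional MM, then optional SS (each exactly two digits). */
    for (int grp = 0; grp < 2; grp++) {
        if (i + 2 <= len && all_digits(s + i, 2)) {
            int v = two_digits(s + i);
            if (v > (grp == 0 ? 59 : 60)) return GT_INVALID_SYNTAX; /* 60 = leap second */
            i += 2;
        } else {
            break;
        }
    }

    /* Optional fraction: '.' or ',' followed by at least one digit. */
    if (i < len && (s[i] == '.' || s[i] == ',')) {
        size_t start = ++i;
        while (i < len && isdigit((unsigned char)s[i])) i++;
        if (i == start) return GT_INVALID_SYNTAX;
    }

    /* Mandatory zone: 'Z', or '+'/'-' followed by HH or HHMM. */
    if (i >= len) return GT_INVALID_SYNTAX;
    if (s[i] == 'Z') {
        i++;
    } else if (s[i] == '+' || s[i] == '-') {
        i++;
        if (i + 2 <= len && all_digits(s + i, 2)) i += 2; else return GT_INVALID_SYNTAX;
        if (i + 2 <= len && all_digits(s + i, 2)) i += 2;
    } else {
        return GT_INVALID_SYNTAX;
    }
    return i == len ? GT_OK : GT_INVALID_SYNTAX;
}

int main(void) {
    /* Constructed sample values, including the short ones that must be rejected. */
    const char *samples[] = { "2021020112Z", "20210201123045.123+0100", "Z", "", "2021020112" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        int rc = generalized_time_check(samples[k], strlen(samples[k]));
        printf("%-25s -> %s\n", samples[k], rc == GT_OK ? "OK" : "INVALID_SYNTAX");
    }
    return 0;
}
```

The design point is ordering: the length test is the first thing done with the input, and the function reports a syntax error through its return value rather than asserting. In a network daemon an assert() on attacker-controlled data is a crash primitive, so validation of untrusted values should never rely on it.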
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openldap | Openldap | <= 2.4.57 |
| Openldap | Openldap | 2.5.x through 2.5.1alpha |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://bugs.openldap.org/show_bug.cgi?id=9454 (Exploit, Issue Tracking, Vendor Advisory)
- https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c (Patch, Vendor Advisory)
- https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c (Patch, Vendor Advisory)
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3 (Mailing List)
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8 (Mailing List)
- https://lists.debian.org/debian-lts-announce/2021/02/msg00035.html (Mailing List, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210319-0005/ (Third Party Advisory)
- https://www.debian.org/security/2021/dsa-4860 (Third Party Advisory)
FAQ
What is CVE-2021-27212?
CVE-2021-27212 is a vulnerability with a CVSS score of 7.5 (HIGH). In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon...
How severe is CVE-2021-27212?
CVE-2021-27212 has been rated HIGH with a CVSS base score of 7.5/10. The score reflects a denial of service (slapd exits on a failed assertion) reachable with a crafted packet; confidentiality and integrity are not affected.
Is there a patch for CVE-2021-27212?
Yes. The affected range ends at OpenLDAP 2.4.57 (and 2.5.1alpha on the 2.5 branch), and the two git.openldap.org commits in the references above carry the upstream fix; Debian shipped the fix in DSA-4860 and in the LTS announcement listed above, and NetApp published an advisory for its products. Affected products include: Openldap Openldap, Debian Debian Linux.