CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-36224
https://notcve.org/view.php?id=CVE-2020-36224
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando a la liberación de un puntero no válido y un bloqueo de slapd en el procesamiento saslAuthzTo, resultando en una denegación de servicio • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9409 https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 https://git.openldap.org/openldap/openldap/-/comm • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-36225
https://notcve.org/view.php?id=CVE-2020-36225
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando a una doble liberación y un bloqueo de slapd en el procesamiento de saslAuthzTo, resultando en una denegación de servicio • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9412 https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 https://git.openldap.org/openldap/openldap/-/comm • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-36226
https://notcve.org/view.php?id=CVE-2020-36226
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando un cálculo inapropiado de memch-)bv_len y un bloqueo de slapd en el procesamiento de saslAuthzTo, resultando en una denegación de servicio • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9413 https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 https://git.openldap.org/openldap/openldap/-/comm •
CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 0CVE-2020-36228
https://notcve.org/view.php?id=CVE-2020-36228
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. Se detectó un subdesbordamiento de enteros en OpenLDAP versiones anteriores a 2.4.57, conllevando un bloqueo de slapd en el procesamiento de Certificate List Exact Assertion, resultando en una denegación de servicio • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9427 https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0CVE-2020-36229
https://notcve.org/view.php?id=CVE-2020-36229
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. Se detectó un fallo en ldap_X509dn2bv en OpenLDAP versiones anteriores a 2.4.57, conllevando un bloqueo de slapd en el análisis del DN X.509 en ad_keystring, resultando en una denegación de servicio • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9425 https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0 https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •