CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0CVE-2020-36221
https://notcve.org/view.php?id=CVE-2020-36221
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). Se detectó un subdesbordamiento de enteros en OpenLDAP versiones anteriores a 2.4.57, conllevando bloqueos de slapd en el procesamiento de Certificate Exact Assertion, resultando en una denegación de servicio (serialNumberAndIssuerCheck de schema_init.c) • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9404 https://bugs.openldap.org/show_bug.cgi?id=9424 https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 https://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842 https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 3%CPEs: 22EXPL: 0CVE-2020-36222
https://notcve.org/view.php?id=CVE-2020-36222
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando a un fallo de aserción en slapd en la comprobación de saslAuthzTo, resultando en una denegación de servicio • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9406 https://bugs.openldap.org/show_bug.cgi?id=9407 https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0 https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.a • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2020-36224
https://notcve.org/view.php?id=CVE-2020-36224
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando a la liberación de un puntero no válido y un bloqueo de slapd en el procesamiento saslAuthzTo, resultando en una denegación de servicio • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9409 https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 https://git.openldap.org/openldap/openldap/-/comm • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-36226
https://notcve.org/view.php?id=CVE-2020-36226
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. Se detectó un fallo en OpenLDAP versiones anteriores a 2.4.57, conllevando un cálculo inapropiado de memch-)bv_len y un bloqueo de slapd en el procesamiento de saslAuthzTo, resultando en una denegación de servicio • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9413 https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 https://git.openldap.org/openldap/openldap/-/comm •
CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0CVE-2020-36229
https://notcve.org/view.php?id=CVE-2020-36229
A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. Se detectó un fallo en ldap_X509dn2bv en OpenLDAP versiones anteriores a 2.4.57, conllevando un bloqueo de slapd en el análisis del DN X.509 en ad_keystring, resultando en una denegación de servicio • http://seclists.org/fulldisclosure/2021/May/64 http://seclists.org/fulldisclosure/2021/May/65 http://seclists.org/fulldisclosure/2021/May/70 https://bugs.openldap.org/show_bug.cgi?id=9425 https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0 https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •