CVE-2021-27212

Ubuntu Security Notice USN-4744-1

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

En OpenLDAP versiones hasta 2.4.57 y versiones 2.5.x hasta 2.5.1alpha, puede ocurrir un fallo de aserción en slapd en la función issuerAndThisUpdateCheck por medio de un paquete diseñado, resultando en una denegación de servicio (salida del demonio) por medio de una marca de tiempo corta. Esto está relacionado con el archivo schema_init.c y checkTime

A vulnerability in the Certificate List Exact Assertion validation was discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service (slapd daemon crash) via specially crafted packets.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-02-14 CVE Reserved
2021-02-14 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-617: Reachable Assertion

CAPEC

References (8)

URL	Tag	Source
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E	Mailing List
https://lists.debian.org/debian-lts-announce/2021/02/msg00035.html	Mailing List
https://security.netapp.com/advisory/ntap-20210319-0005	Third Party Advisory

URL	Date	SRC
https://bugs.openldap.org/show_bug.cgi?id=9454	2024-08-03

URL	Date	SRC
https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0	2023-11-07
https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30	2023-11-07

URL	Date	SRC
https://www.debian.org/security/2021/dsa-4860	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openldap Search vendor "Openldap"		Openldap Search vendor "Openldap" for product "Openldap"				<= 2.4.57 Search vendor "Openldap" for product "Openldap" and version " <= 2.4.57"		-		Affected
Openldap Search vendor "Openldap"		Openldap Search vendor "Openldap" for product "Openldap"				2.5.0 Search vendor "Openldap" for product "Openldap" and version "2.5.0"		alpha		Affected
Openldap Search vendor "Openldap"		Openldap Search vendor "Openldap" for product "Openldap"				2.5.1 Search vendor "Openldap" for product "Openldap" and version "2.5.1"		alpha		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected