Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2020-25710

Published: 28/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openldap

Vulnerability Summary

A flaw was found in OpenLDAP in versions prior to 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openldap openldap

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat jboss enterprise web server 2.0.0

redhat enterprise linux 5.0

redhat jboss enterprise application platform 5.0.0

redhat jboss core services -

debian debian linux 9.0

fedoraproject fedora 33

Vendor Advisories

Debian Security Advisories: DSA-4792-1 openldap -- security update
Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash) via specially crafted packets ...
Red Hat: Moderate: openldap security update
Synopsis Moderate: openldap security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openldap is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Important: Red Hat OpenShift GitOps security update
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 12 (GitOps v123)Re ...
Red Hat: Important: Red Hat OpenShift GitOps security update
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 13OpenShift GitOps v136 for OCP 47+Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 2211 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 2211 General Availability release images, which provide one or more container updates and bug fixesRed Hat Product Security has rated this update as ...
Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update
Synopsis Moderate: Migration Toolkit for Containers (MTC) 154 security update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 154 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score, whichg ...
Amazon Linux 2: ALAS2-2022-1770
A flaw was found in OpenLDAP This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure The highest threat from this vulnerability is to system availability (CVE-2020-25709) A flaw was found in OpenLDAP This flaw allows an attacker who sends a malicious packet process ...

ICS Advisories

Hitachi Energy System Data Manager
Critical Infrastructure Sectors: Energy
https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-617https://lists.debian.org/debian-lts-announce/2020/12/msg00008.htmlhttps://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72chttps://www.debian.org/security/2020/dsa-4792https://bugzilla.redhat.com/show_bug.cgi?id=1899678https://security.netapp.com/advisory/ntap-20210716-0003/https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://nvd.nist.govhttps://www.debian.org/security/2020/dsa-4792https://www.cisa.gov/uscert/ics/advisories/icsa-22-116-01
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook