Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 767184 (CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230) - <net-nds/openldap-2.4.57: Multiple vulnerabilities
Summary: <net-nds/openldap-2.4.57: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-25 20:02 UTC by Sam James
Modified: 2021-01-26 09:54 UTC (History)
2 users (show)

See Also:
Package list:
net-nds/openldap-2.4.57 *
Runtime testing required: ---
nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-25 20:02:25 UTC 
* CVE-2020-36230

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9423

* CVE-2020-36229

Description:
"A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9425

* CVE-2020-36228

Description:
"An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9427

* CVE-2020-36227

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9428

* CVE-2020-36226

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9413

* CVE-2020-36225

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9412

* CVE-2020-36224

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9409

* CVE-2020-36223

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read)."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9408

* CVE-2020-36222

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9406
Bug: https://bugs.openldap.org/show_bug.cgi?id=9407

* CVE-2020-36221

Description:
"An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck)."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9404
Bug: https://bugs.openldap.org/show_bug.cgi?id=9424
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2021-01-26 09:54:32 UTC 
Done.