Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 767184 (CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230) - <net-nds/openldap-2.4.57: Multiple vulnerabilities
Summary: <net-nds/openldap-2.4.57: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-25 20:02 UTC by Sam James
Modified: 2021-01-26 09:54 UTC (History)
2 users (show)

See Also:
Package list:
net-nds/openldap-2.4.57 *
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-25 20:02:25 UTC
* CVE-2020-36230

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9423

* CVE-2020-36229

Description:
"A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9425

* CVE-2020-36228

Description:
"An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9427

* CVE-2020-36227

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9428

* CVE-2020-36226

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9413

* CVE-2020-36225

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9412

* CVE-2020-36224

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9409

* CVE-2020-36223

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read)."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9408

* CVE-2020-36222

Description:
"A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9406
Bug: https://bugs.openldap.org/show_bug.cgi?id=9407

* CVE-2020-36221

Description:
"An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck)."

Bug: https://bugs.openldap.org/show_bug.cgi?id=9404
Bug: https://bugs.openldap.org/show_bug.cgi?id=9424
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2021-01-26 09:54:32 UTC
Done.