Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 11 |
CVE-ID | CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212 |
CWE-ID | CWE-191 CWE-617 CWE-415 CWE-763 CWE-399 CWE-835 CWE-843 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
SUSE Linux Enterprise Server for SAP | Operating systems & Components / Operating system
SUSE Linux Enterprise Module for Legacy Software | Operating systems & Components / Operating system
SUSE Manager Proxy | Operating systems & Components / Operating system
SUSE Manager Retail Branch Server | Operating systems & Components / Operating system
SUSE Manager Server | Operating systems & Components / Operating system
SUSE Linux Enterprise High Performance Computing | Operating systems & Components / Operating system
SUSE Enterprise Storage | Operating systems & Components / Operating system
SUSE CaaS Platform | Operating systems & Components / Operating system
SUSE Linux Enterprise Server | Operating systems & Components / Operating system
SUSE Linux Enterprise Module for Development Tools | Operating systems & Components / Operating system
SUSE Linux Enterprise Module for Basesystem | Operating systems & Components / Operating system
openldap2-devel-32bit | Operating systems & Components / Operating system package or component
libldap-2_4-2-32bit-debuginfo | Operating systems & Components / Operating system package or component
libldap-2_4-2-32bit | Operating systems & Components / Operating system package or component
libldap-data | Operating systems & Components / Operating system package or component
openldap2-ppolicy-check-password-debuginfo | Operating systems & Components / Operating system package or component
openldap2-ppolicy-check-password | Operating systems & Components / Operating system package or component
openldap2-devel-static | Operating systems & Components / Operating system package or component
openldap2-devel | Operating systems & Components / Operating system package or component
openldap2-debugsource | Operating systems & Components / Operating system package or component
openldap2-debuginfo | Operating systems & Components / Operating system package or component
openldap2-client-debuginfo | Operating systems & Components / Operating system package or component
openldap2-client | Operating systems & Components / Operating system package or component
openldap2-back-perl-debuginfo | Operating systems & Components / Operating system package or component
openldap2-back-perl | Operating systems & Components / Operating system package or component
openldap2-back-meta-debuginfo | Operating systems & Components / Operating system package or component
openldap2-back-meta | Operating systems & Components / Operating system package or component
openldap2 | Operating systems & Components / Operating system package or component
libldap-2_4-2-debuginfo | Operating systems & Components / Operating system package or component
libldap-2_4-2 | Operating systems & Components / Operating system package or component
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
EUVDB-ID: #VU50389
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36221
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c. A remote attacker can send a specially crafted request to the affected application, trigger the integer underflow and crash slapd.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50390
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36222
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in slapd during saslAuthzTo validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50391
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36223
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error during Values Return Filter control handling. A remote attacker can send a specially crafted request to slapd, trigger a double free error and perform a denial of service (DoS) attack.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50398
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36224
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the release of an invalid pointer when processing saslAuthzTo requests. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50392
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36225
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in saslAuthzTo processing. A remote attacker can send a specially crafted request to slapd, trigger a double free error and perform a denial of service (DoS) attack.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50393
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36226
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application, leading to a memch->bv_len miscalculation during saslAuthzTo processing. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50394
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36227
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop in slapd in the cancel_extop Cancel operation. A remote attacker can send a specially crafted request and cause a denial of service (DoS) condition.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50395
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36228
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer underflow when processing the certificate list exact assertion. A remote attacker can send a specially crafted request to slapd, trigger an integer underflow and perform a denial of service (DoS) attack.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50396
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36229
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in ldap_X509dn2bv when parsing an X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36230
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when parsing an X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50779
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27212
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when processing LDAP packets within the issuerAndThisUpdateCheck() function in schema_init.c. A remote attacker can send a specially crafted packet with a short timestamp to slapd and perform a denial of service (DoS) attack.
Mitigation
Update the affected package openldap2 to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise Module for Legacy Software: 15-SP2 - 15-SP3
SUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise High Performance Computing: 15-LTSS - 15-SP1-ESPOS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Development Tools: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
openldap2-devel-32bit: before 2.4.46-9.48.1
libldap-2_4-2-32bit-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2-32bit: before 2.4.46-9.48.1
libldap-data: before 2.4.46-9.48.1
openldap2-ppolicy-check-password-debuginfo: before 1.2-9.48.1
openldap2-ppolicy-check-password: before 1.2-9.48.1
openldap2-devel-static: before 2.4.46-9.48.1
openldap2-devel: before 2.4.46-9.48.1
openldap2-debugsource: before 2.4.46-9.48.1
openldap2-debuginfo: before 2.4.46-9.48.1
openldap2-client-debuginfo: before 2.4.46-9.48.1
openldap2-client: before 2.4.46-9.48.1
openldap2-back-perl-debuginfo: before 2.4.46-9.48.1
openldap2-back-perl: before 2.4.46-9.48.1
openldap2-back-meta-debuginfo: before 2.4.46-9.48.1
openldap2-back-meta: before 2.4.46-9.48.1
openldap2: before 2.4.46-9.48.1
libldap-2_4-2-debuginfo: before 2.4.46-9.48.1
libldap-2_4-2: before 2.4.46-9.48.1
Reference: http://www.suse.com/support/update/announcement/2021/suse-su-20210723-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
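Every entry above carries the same mitigation and the same fixed builds (2.4.46-9.48.1 for the openldap2 and libldap packages, 1.2-9.48.1 for openldap2-ppolicy-check-password). The POSIX shell script below is an added example, not part of the SUSE bulletin or the openldap2 project: it compares an RPM version-release string against the fixed build segment by segment, so that release 9.48.1 sorts above 9.5.1 and release 10.x above 9.x, and queries rpm for the listed packages when rpm is present. The package names and fixed builds come from the bulletin; the sample inventory at the end is constructed.

```shell
#!/bin/sh
# Added example, not part of the SUSE bulletin or the openldap2 project:
# compare installed openldap2 builds against the fixed builds the bulletin
# names (2.4.46-9.48.1, and 1.2-9.48.1 for openldap2-ppolicy-check-password*).

# fixed_build PKG : print the fixed "version-release" for a package name.
fixed_build() {
    case "$1" in
        openldap2-ppolicy-check-password*) echo "1.2-9.48.1" ;;
        *)                                 echo "2.4.46-9.48.1" ;;
    esac
}

# vercmp_dotted A B : compare dot-separated strings segment by segment.
# expr compares two integer segments numerically (so 9 < 48) and anything
# else lexically; a missing trailing segment counts as 0. Prints -1, 0 or 1.
vercmp_dotted() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"
        if [ "$ah" = "$a" ]; then a=""; else a="${a#*.}"; fi
        if [ "$bh" = "$b" ]; then b=""; else b="${b#*.}"; fi
        ah="${ah:-0}"; bh="${bh:-0}"
        if [ "$(expr "$ah" \< "$bh")" = 1 ]; then printf '%s\n' -1; return 0; fi
        if [ "$(expr "$ah" \> "$bh")" = 1 ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# vercmp_build A B : compare RPM "version-release" strings. The version part
# decides first; the release part breaks ties. Prints -1, 0 or 1.
vercmp_build() {
    av="${1%%-*}"; bv="${2%%-*}"
    ar="${1#*-}";  br="${2#*-}"
    if [ "$ar" = "$1" ]; then ar="0"; fi   # no release part given
    if [ "$br" = "$2" ]; then br="0"; fi
    r=$(vercmp_dotted "$av" "$bv")
    if [ "$r" != 0 ]; then printf '%s\n' "$r"; return 0; fi
    vercmp_dotted "$ar" "$br"
}

# build_is_vulnerable PKG INSTALLED : succeed when INSTALLED predates the
# fixed build for PKG.
build_is_vulnerable() {
    [ "$(vercmp_build "$2" "$(fixed_build "$1")")" = -1 ]
}

# check_host PKG... : query rpm for each package and report. Returns the number
# of packages still at a vulnerable build (0 when rpm is not available).
check_host() {
    bad=0
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available on this host; nothing checked"; return 0
    fi
    for pkg in "$@"; do
        if ! rpm -q "$pkg" >/dev/null 2>&1; then echo "$pkg: not installed"; continue; fi
        # first line only: a package installed for two architectures prints twice
        inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$pkg" | head -n 1)
        if build_is_vulnerable "$pkg" "$inst"; then
            echo "$pkg $inst: VULNERABLE, update to $(fixed_build "$pkg")"; bad=$((bad + 1))
        else
            echo "$pkg $inst: fixed"
        fi
    done
    return "$bad"
}

# Constructed sample inventory (not from a real host) so the logic runs offline.
demo_samples() {
    for entry in "libldap-2_4-2 2.4.46-9.45.1" "openldap2 2.4.46-9.48.1" \
                 "openldap2-ppolicy-check-password 1.2-9.45.1" "openldap2-client 2.4.46-10.3.1"; do
        set -- $entry
        if build_is_vulnerable "$1" "$2"; then echo "$1 $2: vulnerable (fix: $(fixed_build "$1"))"
        else echo "$1 $2: fixed"; fi
    done
}

demo_samples
check_host libldap-2_4-2 openldap2 openldap2-client || echo "$? package(s) need the update"
```

The last line is the host check; extend its argument list with the other package names from the bulletin (openldap2-back-meta, openldap2-ppolicy-check-password, and so on) to cover a full SUSE installation.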