SUSE update for openldap2

Published: 2021-04-16

Risk	Medium
Patch available	YES
Number of vulnerabilities	11
CVE-ID	CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-27212
CWE-ID	CWE-191 CWE-617 CWE-415 CWE-763 CWE-399 CWE-835 CWE-843
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE Linux Enterprise Point of Sale Operating systems & Components / Operating system SUSE Linux Enterprise Debuginfo Operating systems & Components / Operating system openldap2-client-openssl1-debugsource Operating systems & Components / Operating system package or component openldap2-client-openssl1-debuginfo Operating systems & Components / Operating system package or component openldap2-debugsource Operating systems & Components / Operating system package or component openldap2-debuginfo Operating systems & Components / Operating system package or component openldap2-client-debugsource Operating systems & Components / Operating system package or component openldap2-client-debuginfo Operating systems & Components / Operating system package or component libldap-openssl1-2_4-2-x86 Operating systems & Components / Operating system package or component libldap-openssl1-2_4-2-32bit Operating systems & Components / Operating system package or component openldap2-openssl1 Operating systems & Components / Operating system package or component openldap2-client-openssl1 Operating systems & Components / Operating system package or component libldap-openssl1-2_4-2 Operating systems & Components / Operating system package or component libldap-2_4-2-32bit Operating systems & Components / Operating system package or component openldap2-client Operating systems & Components / Operating system package or component openldap2-back-meta Operating systems & Components / Operating system package or component openldap2 Operating systems & Components / Operating system package or component libldap-2_4-2 Operating systems & Components / Operating system package or component compat-libldap-2_3-0 Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Integer underflow

EUVDB-ID: #VU50389

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36221

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c. A remote attacker can send a specially crafted request to the affected application, trigger an integer underflow and crash the slapd.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Reachable Assertion

EUVDB-ID: #VU50390

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36222

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in slapd in the saslAuthzTo validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Double Free

EUVDB-ID: #VU50391

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36223

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error during the Values Return Filter control handling. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Release of invalid pointer or reference

EUVDB-ID: #VU50398

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36224

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to release of an invalid pointer when processing saslAuthzTo requests. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Double Free

EUVDB-ID: #VU50392

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36225

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the saslAuthzTo processing. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU50393

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36226

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application leading to a memch->bv_len miscalculation during saslAuthzTo processing. A remote attacker can send specially crafted request to the slapd and perform a denial of service (DoS) attack.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Infinite loop

EUVDB-ID: #VU50394

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36227

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in slapd with the cancel_extop Cancel operation. A remote attacker can send a specially crafted request and perform a denial of service conditions.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer underflow

EUVDB-ID: #VU50395

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36228

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer underflow when processing the certificate list exact assertion. A remote attacker can send a specially crafted request to the slapd, trigger integer underflow and perform a denial of service (DoS) attack.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Type Confusion

EUVDB-ID: #VU50396

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36229

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error in ldap_X509dn2bv when parsing X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Reachable Assertion

EUVDB-ID: #VU50397

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36230

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when parsing the X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Reachable Assertion

EUVDB-ID: #VU50779

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-27212

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing LDAP packets within the issuerAndThisUpdateCheck() function in schema_init.c. A remote attacker can send a specially crafted packet with a short timestamp to the slapd and perform a denial of service (DoS) attack.

Mitigation

Update the affected package openldap2 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SECURITY - 11-SP4-LTSS

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

openldap2-client-openssl1-debugsource: before 2.4.26-0.74.26.1

openldap2-client-openssl1-debuginfo: before 2.4.26-0.74.26.1

openldap2-debugsource: before 2.4.26-0.74.26.1

openldap2-debuginfo: before 2.4.26-0.74.26.1

openldap2-client-debugsource: before 2.4.26-0.74.26.1

openldap2-client-debuginfo: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-x86: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-openssl1: before 2.4.26-0.74.26.1

openldap2-client-openssl1: before 2.4.26-0.74.26.1

libldap-openssl1-2_4-2: before 2.4.26-0.74.26.1

libldap-2_4-2-32bit: before 2.4.26-0.74.26.1

openldap2-client: before 2.4.26-0.74.26.1

openldap2-back-meta: before 2.4.26-0.74.26.1

openldap2: before 2.4.26-0.74.26.1

libldap-2_4-2: before 2.4.26-0.74.26.1

compat-libldap-2_3-0: before 2.3.37-2.74.26.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-202114700-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.