#VU48516 Reachable Assertion in OpenLDAP - CVE-2020-25709

Cybersecurity Help s.r.o.

Published: 2020-11-18 | Updated: 2021-02-04

Vulnerability identifier: #VU48516

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-25709

CWE-ID: CWE-617

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OpenLDAP
Server applications / Directory software, identity management

Vendor: OpenLDAP.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in certificateListValidate() function in schema_init.c. A remote attacker can send specially crafted packet to the slapd daemon, trigger an assertion failure and crash the service.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenLDAP: 2.4.6 - 2.4.55

External links
https://bugs.openldap.org/show_bug.cgi?id=9383
https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell XtremIO X2

Multiple vulnerabilities in Juniper Networks Session Smart Router

Multiple vulnerabilities in Junos Space

Multiple vulnerabilities in IBM Security Access Manager

Multiple vulnerabilities in IBM QRadar Network Security

Multiple vulnerabilities in Hitachi Energy SDM600

Multiple vulnerabilities in Migration Toolkit for Containers 1.5

Multiple vulnerabilities in Red Hat OpenShift GitOps 1.3

Multiple vulnerabilities in Red Hat OpenShift GitOps 1.2

CentOS 7 update for openldap