CVE-2020-12243

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-04-2020 09:15

Last modified: - 29-04-2022 03:24

Total changes: - 4

Description

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=openldap AND product=openldap AND versionEndExcluding=2.4.50

vendor=Debian AND product=debian_linux AND version=8.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=Debian AND product=debian_linux AND version=10.0

vendor=opensuse AND product=leap AND version=15.1

vendor=canonical AND product=ubuntu_linux AND version=12.04

vendor=canonical AND product=ubuntu_linux AND version=14.04 AND software_edition=esm

vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=esm

vendor=canonical AND product=ubuntu_linux AND version=18.04 AND software_edition=lts

vendor=canonical AND product=ubuntu_linux AND version=19.10

vendor=canonical AND product=ubuntu_linux AND version=20.04 AND software_edition=lts

vendor=netapp AND product=cloud_backup AND version=-

vendor=netapp AND product=steelstore_cloud_integrated_storage AND version=-

AND

vendor=netapp AND product=h410c_firmware AND version=-

vendor=netapp AND product=h410c AND version=-

AND

vendor=netapp AND product=h300s_firmware AND version=-

vendor=netapp AND product=h300s AND version=-

AND

vendor=netapp AND product=h500s_firmware AND version=-

vendor=netapp AND product=h500s AND version=-

AND

vendor=netapp AND product=h700s_firmware AND version=-

vendor=netapp AND product=h700s AND version=-

AND

vendor=netapp AND product=h300e_firmware AND version=-

vendor=netapp AND product=h300e AND version=-

AND

vendor=netapp AND product=h500e_firmware AND version=-

vendor=netapp AND product=h500e AND version=-

AND

vendor=netapp AND product=h700e_firmware AND version=-

vendor=netapp AND product=h700e AND version=-

AND

vendor=netapp AND product=h410s_firmware AND version=-

vendor=netapp AND product=h410s AND version=-

vendor=broadcom AND product=brocade_fabric_operating_system AND version=-

vendor=apple AND product=mac_os_x AND versionStartIncluding=10.13.0 AND versionEndExcluding=10.13.6

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2018-002

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2018-003

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2019-001

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2019-002

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2019-003

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2019-004

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2019-005

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2019-006

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2019-007

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2020-001

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2020-002

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=security_update_2020-003

vendor=apple AND product=mac_os_x AND version=10.13.6 AND update=supplemental_update

vendor=apple AND product=mac_os_x AND versionStartIncluding=10.14.0 AND versionEndExcluding=10.14.6

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2019-001

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2019-002

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2019-004

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2019-005

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2019-006

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2019-007

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2020-001

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2020-002

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2020-003

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2020-004

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2020-005

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2020-006

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2020-007

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2021-001

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2021-002

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=security_update_2021-003

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=supplemental_update

vendor=apple AND product=mac_os_x AND version=10.14.6 AND update=supplemental_update_2

vendor=apple AND product=mac_os_x AND versionStartIncluding=10.15 AND versionEndExcluding=10.15.6

vendor=oracle AND product=zfs_storage_appliance_kit AND version=8.8

vendor=oracle AND product=solaris AND version=10

vendor=oracle AND product=solaris AND version=11

Reference

https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES
https://bugs.openldap.org/show_bug.cgi?id=9202
https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440
DSA-4666-Third Party Advisory
[debian-lts-announce] 20200502 [SECURITY] [DLA 2199-1] openldap security update-Mailing List, Third Party Advisory
USN-4352-2-Third Party Advisory
https://security.netapp.com/advisory/ntap-20200511-0003/
openSUSE-SU-2020:0647-Mailing List, Third Party Advisory
USN-4352-1-Third Party Advisory
https://support.apple.com/kb/HT211289
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Keywords

CVE-2020-12243

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-12243

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures