Unrated severityNVD Advisory· Published Apr 28, 2020· Updated Aug 4, 2024

CVE-2020-12243

Description

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Affected products

OpenLDAP/OpenLDAPdescription
osv-coords36 versions
pkg:bitnami/openldap pkg:rpm/opensuse/openldap2&distro=openSUSE%20Leap%2015.1 pkg:rpm/suse/openldap2-client&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/openldap2-client&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/openldap2-client&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/openldap2-client&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/openldap2-client-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY pkg:rpm/suse/openldap2&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openldap2&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/openldap2&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openldap2&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openldap2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 2.4.50+ 35 more
- (no CPE)range: < 2.4.50
- (no CPE)range: < 2.4.46-lp151.10.9.1
- (no CPE)range: < 2.4.26-0.74.9.1
- (no CPE)range: < 2.4.26-0.74.9.1
- (no CPE)range: < 2.4.41-18.24.17.1
- (no CPE)range: < 2.4.41-18.24.17.1
- (no CPE)range: < 2.4.26-0.74.9.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.46-9.28.2
- (no CPE)range: < 2.4.46-9.28.2
- (no CPE)range: < 2.4.46-9.28.2
- (no CPE)range: < 2.4.46-9.28.2
- (no CPE)range: < 2.4.41-18.24.17.1
- (no CPE)range: < 2.4.46-9.28.2
- (no CPE)range: < 2.4.26-0.74.9.1
- (no CPE)range: < 2.4.26-0.74.9.1
- (no CPE)range: < 2.4.41-18.24.17.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.46-9.28.2
- (no CPE)range: < 2.4.41-18.24.17.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.46-9.28.2
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1
- (no CPE)range: < 2.4.41-18.68.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.htmlmitrevendor-advisoryx_refsource_SUSE
usn.ubuntu.com/4352-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/4352-2/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2020/dsa-4666mitrevendor-advisoryx_refsource_DEBIAN
bugs.openldap.org/show_bug.cgimitrex_refsource_MISC
git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGESmitrex_refsource_CONFIRM
git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440mitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2020/05/msg00001.htmlmitremailing-listx_refsource_MLIST
security.netapp.com/advisory/ntap-20200511-0003/mitrex_refsource_CONFIRM
support.apple.com/kb/HT211289mitrex_refsource_CONFIRM
www.oracle.com/security-alerts/cpuapr2022.htmlmitrex_refsource_MISC
www.oracle.com/security-alerts/cpuoct2020.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000