Medium severity4.2NVD Advisory· Published Jul 14, 2020· Updated Jun 17, 2026
CVE-2020-15719
CVE-2020-15719
Description
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- OpenLDAP/OpenLDAPdescription
- osv-coords9 versionspkg:bitnami/openldappkg:rpm/opensuse/openldap2&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/openldap2&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP2
< 2.4.46-10.el8+ 8 more
- (no CPE)range: < 2.4.46-10.el8
- (no CPE)range: < 2.4.46-lp151.10.15.1
- (no CPE)range: < 2.4.46-lp152.14.6.1
- (no CPE)range: < 2.4.46-9.34.1
- (no CPE)range: < 2.4.46-9.34.1
- (no CPE)range: < 2.4.46-9.34.1
- (no CPE)range: < 2.4.46-9.34.1
- (no CPE)range: < 2.4.46-9.34.1
- (no CPE)range: < 2.4.46-9.34.1
Patches
Vulnerability mechanics
References
7- www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.htmlnvdMailing ListThird Party Advisory
- access.redhat.com/errata/RHBA-2019:3674nvdThird Party Advisory
- bugs.openldap.org/show_bug.cginvdPermissions RequiredVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- kc.mcafee.com/corporate/indexnvdThird Party Advisory
News mentions
0No linked articles in our index yet.