CVE-2020-25692

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
openldapopenldap
𝑥
< 2.4.55
redhatenterprise_linux
5.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
netappcloud_backup
-
netappsolidfire_baseboard_management_controller_firmware
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openldap
bullseye (security)
2.4.57+dfsg-3+deb11u1
fixed
bullseye
2.4.57+dfsg-3+deb11u1
fixed
bookworm
2.5.13+dfsg-5
fixed
sid
2.5.18+dfsg-3
fixed
trixie
2.5.18+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openldap
groovy
Fixed 2.4.53+dfsg-1ubuntu1.1
released
focal
Fixed 2.4.49+dfsg-2ubuntu1.4
released
bionic
Fixed 2.4.45+dfsg-1ubuntu1.7
released
xenial
Fixed 2.4.42+dfsg-2ubuntu3.10
released
trusty
Fixed 2.4.31-1+nmu2ubuntu8.5+esm3
released
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1894567
https://security.netapp.com/advisory/ntap-20210108-0006/
https://bugzilla.redhat.com/show_bug.cgi?id=1894567
https://security.netapp.com/advisory/ntap-20210108-0006/