CVE-2020-36222 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
openldap	openldap	𝑥 < 2.4.57
debian	debian_linux	9.0
debian	debian_linux	10.0
apple	mac_os_x	10.14.0 ≤ 𝑥 < 10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6:security_update_2019-004
apple	mac_os_x	10.14.6:security_update_2019-005
apple	mac_os_x	10.14.6:security_update_2019-006
apple	mac_os_x	10.14.6:security_update_2019-007
apple	mac_os_x	10.14.6:security_update_2020-001
apple	mac_os_x	10.14.6:security_update_2020-002
apple	mac_os_x	10.14.6:security_update_2020-003
apple	mac_os_x	10.14.6:security_update_2020-004
apple	mac_os_x	10.14.6:security_update_2020-005
apple	mac_os_x	10.14.6:security_update_2020-006
apple	mac_os_x	10.14.6:security_update_2020-007
apple	mac_os_x	10.14.6:security_update_2021-001
apple	mac_os_x	10.14.6:security_update_2021-002
apple	mac_os_x	10.14.6:security_update_2021-003
apple	mac_os_x	10.14.6:supplemental_update
apple	mac_os_x	10.14.6:supplemental_update_2
apple	macos	11.1 ≤ 𝑥 < 11.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

openldap

bullseye (security)	2.4.57+dfsg-3+deb11u1 fixed
bullseye	2.4.57+dfsg-3+deb11u1 fixed
bookworm	2.5.13+dfsg-5 fixed
sid	2.5.18+dfsg-3 fixed
trixie	2.5.18+dfsg-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

openldap

noble	Fixed 2.4.57+dfsg-2ubuntu1 released
mantic	Fixed 2.4.57+dfsg-2ubuntu1 released
lunar	Fixed 2.4.57+dfsg-2ubuntu1 released
kinetic	Fixed 2.4.57+dfsg-2ubuntu1 released
jammy	Fixed 2.4.57+dfsg-2ubuntu1 released
impish	Fixed 2.4.57+dfsg-2ubuntu1 released
hirsute	Fixed 2.4.57+dfsg-2ubuntu1 released
groovy	Fixed 2.4.53+dfsg-1ubuntu1.3 released
focal	Fixed 2.4.49+dfsg-2ubuntu1.6 released
bionic	Fixed 2.4.45+dfsg-1ubuntu1.9 released
xenial	Fixed 2.4.42+dfsg-2ubuntu3.12 released
trusty	needed

Common Weakness Enumeration

CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

http://seclists.org/fulldisclosure/2021/May/64

http://seclists.org/fulldisclosure/2021/May/65

http://seclists.org/fulldisclosure/2021/May/70

https://bugs.openldap.org/show_bug.cgi?id=9406

https://bugs.openldap.org/show_bug.cgi?id=9407

https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0

https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed

https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa

https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html

https://security.netapp.com/advisory/ntap-20210226-0002/

https://support.apple.com/kb/HT212529

https://support.apple.com/kb/HT212530

https://support.apple.com/kb/HT212531

https://www.debian.org/security/2021/dsa-4845

http://seclists.org/fulldisclosure/2021/May/64

http://seclists.org/fulldisclosure/2021/May/65

http://seclists.org/fulldisclosure/2021/May/70

https://bugs.openldap.org/show_bug.cgi?id=9406

https://bugs.openldap.org/show_bug.cgi?id=9407

https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0

https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed

https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa

https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html

https://security.netapp.com/advisory/ntap-20210226-0002/

https://support.apple.com/kb/HT212529

https://support.apple.com/kb/HT212530

https://support.apple.com/kb/HT212531

https://www.debian.org/security/2021/dsa-4845