CVE-2020-25710 - Openldap Openldap, Redhat Jboss Core Services and Redhat Jboss Enterprise Web Server

May 28, 2021

Critical 7.5

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

Affected software

Openldap Openldap

Redhat Jboss Core Services

Redhat Jboss Enterprise Web Server

Redhat Jboss Enterprise Application Platform

Debian Debian Linux

Redhat Enterprise Linux

Fedoraproject Fedora

Reference links

https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html
https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c
https://www.debian.org/security/2020/dsa-4792
https://bugzilla.redhat.com/show_bug.cgi?id=1899678

CVE-2020-25710 - Openldap Openldap, Redhat Jboss Core Services and Redhat Jboss Enterprise Web Server

Affected software

Reference links

Get alerted to vulnerabilities in your software