CVE-2020-12243

high-risk
Published 2020-04-28

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Do I need to act?

!
10.8% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Debian Apple Oracle Broadcom Openldap Canonical Netapp Opensuse

References (24)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html
Exploit https://bugs.openldap.org/show_bug.cgi?id=9202
Release Notes https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES
Patch https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba...
Mailing List https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20200511-0003/
Third Party Advisory https://support.apple.com/kb/HT211289
Third Party Advisory https://usn.ubuntu.com/4352-1/
Third Party Advisory https://usn.ubuntu.com/4352-2/
Third Party Advisory https://www.debian.org/security/2020/dsa-4666
Third Party Advisory https://www.oracle.com/security-alerts/cpuapr2022.html
Patch https://www.oracle.com/security-alerts/cpuoct2020.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html
Exploit https://bugs.openldap.org/show_bug.cgi?id=9202
Release Notes https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES
Patch https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba...
Mailing List https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20200511-0003/
Third Party Advisory https://support.apple.com/kb/HT211289
Third Party Advisory https://usn.ubuntu.com/4352-1/
and 4 more references
63
/ 100
high-risk
Severity 26/34 · High
Exploitability 11/34 · Low
Exposure 26/34 · High