CVE-2021-27212

Updated: 2023-11-07 20:03:21.137624

Description:

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | openldap | 2.4.40 | 7.5 | HIGH | Released | CLSA-2021:1638803748 | 2022-05-05 12:02:26 |
| CentOS 7 ELS | openldap | 2.4.44 | 7.5 | HIGH | Released | CLSA-2023:1695834945 | 2023-09-27 14:08:08 |
| CentOS 8.4 ELS | openldap | 2.4.46-17 | 7.5 | HIGH | Released | CLSA-2022:1646915783 | 2022-03-10 08:59:17 |
| CentOS 8.5 ELS | openldap | 2.4.46-18 | 7.5 | HIGH | Released | CLSA-2022:1646666594 | 2022-03-08 02:41:11 |
| CloudLinux 6 ELS | openldap | 2.4.40 | 7.5 | HIGH | Released | | 2021-12-09 07:57:05 |
| Oracle Linux 6 ELS | openldap | 2.4.40 | 7.5 | HIGH | Released | CLSA-2021:1637770462 | 2021-12-09 07:57:05 |
| Ubuntu 16.04 ELS | openldap | 2.4.42 | 7.5 | HIGH | Not Vulnerable | | 2021-12-28 08:23:54 |
| Ubuntu 18.04 ELS | openldap | 2.4.45 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:09:52 |

Statement

Already fixed in 2.4.42+dfsg-2ubuntu3.13