Updated: 2024-11-22 00:51:12.049695
Description:
In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
Links: NIST, CIRCL, RHEL, Ubuntu
Version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 5 |
CVSS Version 3.x | HIGH | 7.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | openldap | 2.4.40 | 7.5 | HIGH | Released | CLSA-2021:1638803748 | 2022-05-05 12:02:26 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
CentOS 7 ELS | openldap | 2.4.44 | 7.5 | HIGH | Released | CLSA-2023:1695834945 | 2023-09-27 14:08:08 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
CentOS 8.4 ELS | openldap | 2.4.46-17 | 7.5 | HIGH | Released | CLSA-2022:1646915783 | 2022-03-10 08:59:17 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
CentOS 8.5 ELS | openldap | 2.4.46-18 | 7.5 | HIGH | Released | CLSA-2022:1646666594 | 2022-03-08 02:41:11 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
CloudLinux 6 ELS | openldap | 2.4.40 | 7.5 | HIGH | Released | | 2021-12-09 07:57:05 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
Oracle Linux 6 ELS | openldap | 2.4.40 | 7.5 | HIGH | Released | CLSA-2021:1637770462 | 2021-12-09 07:57:05 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
Ubuntu 16.04 ELS | openldap | 2.4.42 | 7.5 | HIGH | Not Vulnerable | | 2021-12-28 08:23:54 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
Ubuntu 18.04 ELS | openldap | 2.4.45 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:09:52 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |