CVE-2021-27212

Updated: 2024-11-22 00:51:12.049695

Description:

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | openldap | 2.4.40 | 7.5 | HIGH | Released | CLSA-2021:1638803748 | 2022-05-05 12:02:26 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
| CentOS 7 ELS | openldap | 2.4.44 | 7.5 | HIGH | Released | CLSA-2023:1695834945 | 2023-09-27 14:08:08 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
| CentOS 8.4 ELS | openldap | 2.4.46-17 | 7.5 | HIGH | Released | CLSA-2022:1646915783 | 2022-03-10 08:59:17 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
| CentOS 8.5 ELS | openldap | 2.4.46-18 | 7.5 | HIGH | Released | CLSA-2022:1646666594 | 2022-03-08 02:41:11 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
| CloudLinux 6 ELS | openldap | 2.4.40 | 7.5 | HIGH | Released | | 2021-12-09 07:57:05 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
| Oracle Linux 6 ELS | openldap | 2.4.40 | 7.5 | HIGH | Released | CLSA-2021:1637770462 | 2021-12-09 07:57:05 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
| Ubuntu 16.04 ELS | openldap | 2.4.42 | 7.5 | HIGH | Not Vulnerable | | 2021-12-28 08:23:54 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |
| Ubuntu 18.04 ELS | openldap | 2.4.45 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:09:52 | Already fixed in 2.4.42+dfsg-2ubuntu3.13 |