Reachable Assertion Affecting openldap package, versions <2.4.47+dfsg-3+deb10u4


0.0
high

Snyk CVSS

    Attack Complexity Low
    Availability High
Expand this section
NVD
7.5 high
Expand this section
SUSE
6.5 medium
Expand this section
Red Hat
7.5 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN10-OPENLDAP-1039832
  • published 13 Nov 2020
  • disclosed 28 May 2021

How to fix?

Upgrade Debian:10 openldap to version 2.4.47+dfsg-3+deb10u4 or higher.

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See How to fix? for Debian:10 relevant versions.

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.