CVE-2020-25692: Null Pointer Dereference
First published: Wed Nov 04 2020(Updated: )
OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted TCP packet, a remote attacker could exploit this vulnerability to cause slapd to crash.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
| IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
| IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
| Openldap Openldap | <2.4.55 | |
| Redhat Enterprise Linux | =5.0 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Netapp Cloud Backup | ||
| Netapp Solidfire Baseboard Management Controller Firmware | ||
| Netapp Solidfire Baseboard Management Controller | ||
| redhat/openldap | <2.4.55 | 2.4.55 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/191968
- https://www.ibm.com/support/pages/node/6493729 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1894567
- https://security.netapp.com/advisory/ntap-20210108-0006/
- https://bugs.openldap.org/show_bug.cgi?id=9370
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1895288
- https://git.openldap.org/openldap/openldap/-/commit/6abfd60078af02d56edb3b6897692cdd09a08971
- https://git.openldap.org/openldap/openldap/-/commit/a08a2db4063f54a6217a0f091aebd02f8bdb482e
- https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d
- https://access.redhat.com/errata/RHSA-2021:1389
- https://access.redhat.com/security/cve/cve-2020-25692
Frequently Asked Questions
What is CVE-2020-25692?
CVE-2020-25692 is a vulnerability found in OpenLDAP server that allows an unauthenticated attacker to remotely crash the slapd process, causing a Denial of Service.
How does CVE-2020-25692 affect OpenLDAP?
CVE-2020-25692 affects OpenLDAP server versions up to and including 2.4.55.
What is the severity rating of CVE-2020-25692?
CVE-2020-25692 has a severity rating of 7.5, which is considered high.
How can I fix CVE-2020-25692?
To fix CVE-2020-25692, you need to update to OpenLDAP version 2.4.55 or higher.
Where can I find more information about CVE-2020-25692?
You can find more information about CVE-2020-25692 in the following references: [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1894567), [NetApp Security Advisory](https://security.netapp.com/advisory/ntap-20210108-0006/), [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/vulnerabilities/191968).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/ibm-support
- collector/nvd-index
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-25692
- vendor/ibm
- canonical/ibm cloud pak for security (cp4s)
- version/ibm cloud pak for security (cp4s)/1.7.2.0
- version/ibm cloud pak for security (cp4s)/1.7.1.0
- version/ibm cloud pak for security (cp4s)/1.7.0.0
- vendor/openldap
- canonical/openldap openldap
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5.0
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp solidfire baseboard management controller firmware
- canonical/netapp solidfire baseboard management controller
- package-manager/redhat