Details of VAR-202004-0530

ID

VAR-202004-0530

CVE

CVE-2020-12243

TITLE

OpenLDAP Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005084

DESCRIPTION

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). OpenLDAP Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. The filter.c file of slapd in versions earlier than OpenLDAP 2.4.50 has a security vulnerability. ========================================================================= Ubuntu Security Notice USN-4352-2 May 06, 2020 openldap vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: OpenLDAP could be made to crash if it received specially crafted network traffic. Software Description: - openldap: Lightweight Directory Access Protocol Details: USN-4352-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: slapd 2.4.31-1+nmu2ubuntu8.5+esm2 Ubuntu 12.04 ESM: slapd 2.4.28-1.1ubuntu4.10 In general, a standard system update will make all the necessary changes. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat 3scale API Management 2.10.0 security update and release Advisory ID: RHSA-2021:1129-01 Product: 3scale API Management Advisory URL: https://access.redhat.com/errata/RHSA-2021:1129 Issue date: 2021-04-07 CVE Names: CVE-2018-20843 CVE-2019-5094 CVE-2019-5188 CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 CVE-2019-12749 CVE-2019-14866 CVE-2019-15903 CVE-2019-17006 CVE-2019-17023 CVE-2019-17498 CVE-2019-19126 CVE-2019-19532 CVE-2019-19956 CVE-2019-20388 CVE-2019-20907 CVE-2020-0427 CVE-2020-1971 CVE-2020-6829 CVE-2020-7053 CVE-2020-7595 CVE-2020-8177 CVE-2020-9283 CVE-2020-12243 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 CVE-2020-12723 CVE-2020-14040 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 CVE-2020-29661 CVE-2021-20265 ===================================================================== 1. Summary: A security update for Red Hat 3scale API Management Platform is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management /2.10/html-single/installing_3scale/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 5. References: https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5094 https://access.redhat.com/security/cve/CVE-2019-5188 https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-12749 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2019-17498 https://access.redhat.com/security/cve/CVE-2019-19126 https://access.redhat.com/security/cve/CVE-2019-19532 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2020-0427 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-7053 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-9283 https://access.redhat.com/security/cve/CVE-2020-12243 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25645 https://access.redhat.com/security/cve/CVE-2020-25656 https://access.redhat.com/security/cve/CVE-2020-25705 https://access.redhat.com/security/cve/CVE-2020-28374 https://access.redhat.com/security/cve/CVE-2020-29661 https://access.redhat.com/security/cve/CVE-2021-20265 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYG71etzjgjWX9erEAQjNixAAhj8zh6eSiTxd4KgsaKl8WPwqE4xxDh1f 0UZ8n0GcAAedgOaSxFFc81Khc40Ki/AgUBNscwdLKVrlqDcBHStpQIAhThzIqtfq OAirtdRE/HOC9TjcR4OV5TTdjGt8A9oZh34OHidQQQEsxHF26BPJ9IdGDV6BGdVi EQZFcZUFYLgLqca1AcFTC46+SqK1J4Gn6cp7fQ5GOTc6umUQqzU4xk9WFcAcjNWg v1Fo1ZYiil3BMJC3hQmwXm2HCpoq+Ckri3BrRHsCk2CwxJgAZcgDqxUXkD/4B5OE j9wswGPziSY0DE+vqR5CK393ZT0WrLj+xUgVnn5cd8XyAroybSVgjJ4lKXyyzCQY TS3an5vcxZJZK9DfLV/xWt+aOuQ1JIz3FIFQgSHgWqlfszptg2bn4GW2D05VmEV7 NwEma9bjWG6Tr2eyUqNmddVFIlEN+VoGZMBgiKLj5pUFe+Zlp5T76jIXntPdOVgX nKsil2BMrponU2iIMi7Lkp0yRUKPv8uTTZvfYqtM56U6PXygzC6y+80kfHm6YwRI NHS7zFxxmsi3Vqo2iN4SfOM75oekIsEjt0s+AD/G+/Jc/2MLa8lMUKpWuutrDzrE s0gqHMQek8Oj/F1PFoQsSg5K5vwjwqM7NCY6VOQ14YtZeFcfasOemSehzotlOm2e ifeFFW4W/6s= =Uuda -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. The advisory addresses the following issues: * Re-release of odo-init-image 1.1.3 for security updates 3. Solution: Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1832983 - Release of 1.1.3 odo-init-image 5. For the oldstable distribution (stretch), this problem has been fixed in version 2.4.44+dfsg-5+deb9u4. For the stable distribution (buster), this problem has been fixed in version 2.4.47+dfsg-3+deb10u2. We recommend that you upgrade your openldap packages. For the detailed security status of openldap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openldap Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6ofsxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qx4Q//dOnPiP6bKHrFUFtyv59tV5Zpa1jJ6BmIr3/5ueODnBu8MHLJw8503zLJ I43LDTzvGkXrxy0Y28YC5Qpv1oHW3gvPzFsTrn2DObeUnHlKOOUsyzz3saHXyyzQ ki+2UGsUXydSazDMeJzcoMfRdVpCtjc+GNTb/y7nxgwoKrz/WJplGstp2ibd8ftv Ju4uT8VJZcC3IEGhkYXJ7TENlegOK2FCewYMZARrNT/tjIDyAqfKi2muCg7oadx/ 5WZGLW7Pdw25jFknVy/Y7fEyJDWQdPH7NchK5tZy6D1lWQh67GcvJFSo5HICwb+n FilP29mIBbS96JQq6u5jWWMpAD6RPCtIltak4QdYptjdrQnTDFy3RJSTdZeis8ty HKwYJgNzVG6SCy04t3D+zeMbgEZOvj6GWrURQUqZJQmc4V9l89E0/D7zV3AX9Q9v 0hKEtpc//bZrS71QVqJvkWvrgfutB72Vnqfull+DBxvt33ma5W2il6kxGMwJK3S9 0lk60dzEDCdYp8TE61y8N4z+2IB/Otg9Ni2I8pmaE5s1/ZUva+8GhSjbmGyIhbpk p55kTiZUgpmu6EK2Kvjkh9rMlaa1IHXL8tdrbo8pRVtQHlA8/HUgoGiUHuX1h+Kw LZVjIV/L4qOFQ54uMbSscZgMEvhfW00fe3o2zI8WQZ9IPCQ3oRg= =K3JD -----END PGP SIGNATURE-----

Trust: 2.34

sources: NVD: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162130 // PACKETSTORM: 161916 // PACKETSTORM: 157601 // PACKETSTORM: 168811

AFFECTED PRODUCTS

vendor:	netapp	model:	h700e	scope:	eq	version:	-	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	h500e	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.6	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	solaris	scope:	eq	version:	11	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.13.0	Trust: 1.0
vendor:	broadcom	model:	brocade fabric operating system	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	lt	version:	2.4.50	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.14.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	oracle	model:	solaris	scope:	eq	version:	10	Trust: 1.0
vendor:	netapp	model:	h300e	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	openldap	model:	openldap	scope:	eq	version:	2.4.50	Trust: 0.8

sources: JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12243
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-005084
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202004-2326
value:	HIGH
Trust: 0.6
VULHUB:	VHN-164902
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12243
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12243
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005084
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-164902
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12243
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005084
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

PROBLEMTYPE DATA

problemtype:	CWE-674	Trust: 1.1
problemtype:	CWE-400	Trust: 0.9

sources: VULHUB: VHN-164902 // JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 157602 // PACKETSTORM: 157601 // CNNVD: CNNVD-202004-2326

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2326

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005084

PATCH

title:	[SECURITY] [DLA 2199-1] openldap security update	url:	https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html	Trust: 0.8
title:	DSA-4666	url:	https://www.debian.org/security/2020/dsa-4666	Trust: 0.8
title:	Issue#9248	url:	https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES	Trust: 0.8
title:	ITS#9202 limit depth of nested filters	url:	https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440	Trust: 0.8
title:	Issue 9202	url:	https://bugs.openldap.org/show_bug.cgi?id=9202	Trust: 0.8
title:	OpenLDAP Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118093	Trust: 0.6
title:	Red Hat: Moderate: openldap security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204041 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openldap vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-1	Trust: 0.1
title:	Ubuntu Security Notice: openldap vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-2	Trust: 0.1
title:	Debian Security Advisories: DSA-4666-1 openldap -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fb4df889a45e12b120ab07487d89cbed	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1539	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1539	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ca8040b949152189bea3a3126afcd39	Trust: 0.1
title:	Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1

sources: VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12243	Trust: 3.2
db:	PACKETSTORM	id:	157602	Trust: 0.8
db:	PACKETSTORM	id:	161727	Trust: 0.8
db:	PACKETSTORM	id:	161916	Trust: 0.8
db:	PACKETSTORM	id:	162130	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005084	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-2326	Trust: 0.7
db:	PACKETSTORM	id:	159347	Trust: 0.7
db:	PACKETSTORM	id:	159553	Trust: 0.7
db:	PACKETSTORM	id:	162142	Trust: 0.7
db:	ICS CERT	id:	ICSA-22-116-01	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.1207	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1637	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2604	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0845	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1742.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3631	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1742	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1458	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0986	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3535	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1193	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1569	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1613	Trust: 0.6
db:	PACKETSTORM	id:	157601	Trust: 0.2
db:	PACKETSTORM	id:	159552	Trust: 0.1
db:	CNVD	id:	CNVD-2020-27485	Trust: 0.1
db:	VULHUB	id:	VHN-164902	Trust: 0.1
db:	VULMON	id:	CVE-2020-12243	Trust: 0.1
db:	PACKETSTORM	id:	168811	Trust: 0.1

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162130 // PACKETSTORM: 161916 // PACKETSTORM: 157601 // PACKETSTORM: 168811 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 2.0
url:	https://usn.ubuntu.com/4352-1/	Trust: 1.9
url:	https://git.openldap.org/openldap/openldap/-/blob/openldap_rel_eng_2_4/changes	Trust: 1.8
url:	https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20200511-0003/	Trust: 1.8
url:	https://support.apple.com/kb/ht211289	Trust: 1.8
url:	https://www.debian.org/security/2020/dsa-4666	Trust: 1.8
url:	https://bugs.openldap.org/show_bug.cgi?id=9202	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html	Trust: 1.8
url:	https://usn.ubuntu.com/4352-2/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12243	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1742.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3535/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1458/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1569/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-116-01	Trust: 0.6
url:	https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht211289	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0986	Trust: 0.6
url:	https://vigilance.fr/vulnerability/openldap-denial-of-service-via-search-filters-32124	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1207	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0845	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2604	Trust: 0.6
url:	https://packetstormsecurity.com/files/159347/red-hat-security-advisory-2020-4041-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/157602/ubuntu-security-notice-usn-4352-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1637/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1613/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1193	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3631/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1742/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.3
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.3
url:	https://usn.ubuntu.com/4352-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5188	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5094	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-5188	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/674.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4041	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-116-01	Trust: 0.1
url:	https://usn.ubuntu.com/4352-2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25211	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1129	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25645	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25656	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19126	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28374	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20265	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-0427	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19532	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7053	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19126	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0427	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19532	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0949	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8177	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6829	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openldap/2.4.48+dfsg-1ubuntu1.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.8	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.5	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.2	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openldap	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 161727 // PACKETSTORM: 162130 // PACKETSTORM: 161916 // CNNVD: CNNVD-202004-2326

SOURCES

db:	VULHUB	id:	VHN-164902
db:	VULMON	id:	CVE-2020-12243
db:	JVNDB	id:	JVNDB-2020-005084
db:	PACKETSTORM	id:	157602
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	162130
db:	PACKETSTORM	id:	161916
db:	PACKETSTORM	id:	157601
db:	PACKETSTORM	id:	168811
db:	CNNVD	id:	CNNVD-202004-2326
db:	NVD	id:	CVE-2020-12243

LAST UPDATE DATE

2024-09-18T22:44:01.716000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164902	date:	2022-04-29T00:00:00
db:	VULMON	id:	CVE-2020-12243	date:	2022-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-005084	date:	2020-06-05T00:00:00
db:	CNNVD	id:	CNNVD-202004-2326	date:	2022-04-27T00:00:00
db:	NVD	id:	CVE-2020-12243	date:	2022-04-29T13:24:38.527

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164902	date:	2020-04-28T00:00:00
db:	VULMON	id:	CVE-2020-12243	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-005084	date:	2020-06-05T00:00:00
db:	PACKETSTORM	id:	157602	date:	2020-05-07T15:33:32
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	162130	date:	2021-04-08T14:00:00
db:	PACKETSTORM	id:	161916	date:	2021-03-22T15:36:55
db:	PACKETSTORM	id:	157601	date:	2020-05-07T15:33:27
db:	PACKETSTORM	id:	168811	date:	2020-04-28T19:12:00
db:	CNNVD	id:	CNNVD-202004-2326	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2020-12243	date:	2020-04-28T19:15:12.267