ID

VAR-202004-0530


CVE

CVE-2020-12243


TITLE

OpenLDAP Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005084

DESCRIPTION

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). OpenLDAP contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). The filter.c file of slapd in versions earlier than OpenLDAP 2.4.50 has a security vulnerability.

For the oldstable distribution (stretch), this problem has been fixed in version 2.4.44+dfsg-5+deb9u4.

For the stable distribution (buster), this problem has been fixed in version 2.4.47+dfsg-3+deb10u2.

We recommend that you upgrade your openldap packages.

For the detailed security status of openldap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openldap

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
Ubuntu Security Notice USN-4352-2
May 06, 2020

openldap vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary: OpenLDAP could be made to crash if it received specially crafted network traffic.

Software Description:
- openldap: Lightweight Directory Access Protocol

Details: USN-4352-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details: It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: slapd 2.4.31-1+nmu2ubuntu8.5+esm2
Ubuntu 12.04 ESM: slapd 2.4.28-1.1ubuntu4.10

In general, a standard system update will make all the necessary changes.

Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection
1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape

5.
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Ansible Automation Platform Operator 1.2 security update
Advisory ID: RHSA-2021:1079-01
Product: Red Hat Ansible Automation Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1079
Issue date: 2021-04-06
Keywords: Security Update
CVE Names: CVE-2017-12652 CVE-2018-20843 CVE-2019-5094 CVE-2019-5188 CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 CVE-2019-12749 CVE-2019-14866 CVE-2019-14973 CVE-2019-15903 CVE-2019-17006 CVE-2019-17023 CVE-2019-17498 CVE-2019-17546 CVE-2019-19956 CVE-2019-20388 CVE-2019-20907 CVE-2020-1971 CVE-2020-5313 CVE-2020-6829 CVE-2020-7595 CVE-2020-8177 CVE-2020-8625 CVE-2020-12243 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 CVE-2020-14422 CVE-2020-15999 CVE-2021-3156 CVE-2021-3447 CVE-2021-20178 CVE-2021-20180 CVE-2021-20191 CVE-2021-20228

1. Summary: Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description: Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster.
Security fixes:

CVE-2021-20191 ansible: multiple modules expose secured values [ansible_automation_platform-1.2] (BZ#1916813)
CVE-2021-20178 ansible: user data leak in snmp_facts module [ansible_automation_platform-1.2] (BZ#1914774)
CVE-2021-20180 ansible: ansible module: bitbucket_pipeline_variable exposes secured values [ansible_automation_platform-1.2] (BZ#1915808)
CVE-2021-20228 ansible: basic.py no_log with fallback option [ansible_automation_platform-1.2] (BZ#1925002)
CVE-2021-3447 ansible: multiple modules expose secured values [ansible_automation_platform-1.2] (BZ#1939349)

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module
1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values
1916813 - CVE-2021-20191 ansible: multiple modules expose secured values
1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option
1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

5.
References: https://access.redhat.com/security/cve/CVE-2017-12652 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5094 https://access.redhat.com/security/cve/CVE-2019-5188 https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-12749 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-14973 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2019-17498 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-5313 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8625 https://access.redhat.com/security/cve/CVE-2020-12243 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/cve/CVE-2021-3447 https://access.redhat.com/security/cve/CVE-2021-20178 https://access.redhat.com/security/cve/CVE-2021-20180 https://access.redhat.com/security/cve/CVE-2021-20191 https://access.redhat.com/security/cve/CVE-2021-20228 
https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/cve/CVE-2021-20191 https://access.redhat.com/security/cve/CVE-2021-20178 https://access.redhat.com/security/cve/CVE-2021-20180 https://access.redhat.com/security/cve/CVE-2021-20228 https://access.redhat.com/security/cve/CVE-2021-3447

6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Description: * Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2019-18874)

3. Bugs fixed (https://bugzilla.redhat.com/): 1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling

5

Trust: 2.34

sources: NVD: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // PACKETSTORM: 168811 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 157601

AFFECTED PRODUCTS

vendor: netapp | model: steelstore cloud integrated storage | scope: eq | version: -

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 12.04

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 10.0

Trust: 1.0

vendor: oracle | model: solaris | scope: eq | version: 10

Trust: 1.0

vendor: apple | model: mac os x | scope: lt | version: 10.15.6

Trust: 1.0

vendor: netapp | model: h300s | scope: eq | version: -

Trust: 1.0

vendor: netapp | model: h300e | scope: eq | version: -

Trust: 1.0

vendor: oracle | model: zfs storage appliance kit | scope: eq | version: 8.8

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 18.04

Trust: 1.0

vendor: netapp | model: h700e | scope: eq | version: -

Trust: 1.0

vendor: netapp | model: h500s | scope: eq | version: -

Trust: 1.0

vendor: apple | model: mac os x | scope: lt | version: 10.14.6

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 16.04

Trust: 1.0

vendor: apple | model: mac os x | scope: gte | version: 10.15

Trust: 1.0

vendor: apple | model: mac os x | scope: lt | version: 10.13.6

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 14.04

Trust: 1.0

vendor: netapp | model: h410c | scope: eq | version: -

Trust: 1.0

vendor: oracle | model: solaris | scope: eq | version: 11

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: 10.14.6

Trust: 1.0

vendor: apple | model: mac os x | scope: gte | version: 10.14.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 20.04

Trust: 1.0

vendor: netapp | model: cloud backup | scope: eq | version: -

Trust: 1.0

vendor: apple | model: mac os x | scope: gte | version: 10.13.0

Trust: 1.0

vendor: broadcom | model: brocade fabric operating system | scope: eq | version: -

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 8.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 19.10

Trust: 1.0

vendor: netapp | model: h500e | scope: eq | version: -

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: 10.13.6

Trust: 1.0

vendor: opensuse | model: leap | scope: eq | version: 15.1

Trust: 1.0

vendor: netapp | model: h700s | scope: eq | version: -

Trust: 1.0

vendor: openldap | model: openldap | scope: lt | version: 2.4.50

Trust: 1.0

vendor: netapp | model: h410s | scope: eq | version: -

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 9.0

Trust: 1.0

vendor: debian | model: gnu/linux | scope: - | version: -

Trust: 0.8

vendor: openldap | model: openldap | scope: eq | version: 2.4.50

Trust: 0.8

sources: JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12243
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005084
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-2326
value: HIGH

Trust: 0.6

VULHUB: VHN-164902
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-12243
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005084
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-164902
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12243
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005084
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-164902 // JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 157602 // PACKETSTORM: 157601 // CNNVD: CNNVD-202004-2326

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2326

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005084

PATCH

title: [SECURITY] [DLA 2199-1] openldap security update | url: https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html

Trust: 0.8

title: DSA-4666 | url: https://www.debian.org/security/2020/dsa-4666

Trust: 0.8

title: Issue#9248 | url: https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES

Trust: 0.8

title: ITS#9202 limit depth of nested filters | url: https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440

Trust: 0.8

title: Issue 9202 | url: https://bugs.openldap.org/show_bug.cgi?id=9202

Trust: 0.8

title: OpenLDAP Remediation of resource management error vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118093

Trust: 0.6

title: Red Hat: Moderate: openldap security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204041 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: openldap vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-1

Trust: 0.1

title: Ubuntu Security Notice: openldap vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-2

Trust: 0.1

title: Debian Security Advisories: DSA-4666-1 openldap -- security update | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fb4df889a45e12b120ab07487d89cbed

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1539 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1539

Trust: 0.1

title: Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874) | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874) | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1) | url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ca8040b949152189bea3a3126afcd39

Trust: 0.1

title: Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory | url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

sources: VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326

EXTERNAL IDS

db: NVD | id: CVE-2020-12243

Trust: 3.2

db: PACKETSTORM | id: 157602

Trust: 0.8

db: PACKETSTORM | id: 161727

Trust: 0.8

db: PACKETSTORM | id: 159553

Trust: 0.8

db: PACKETSTORM | id: 162142

Trust: 0.8

db: JVNDB | id: JVNDB-2020-005084

Trust: 0.8

db: CNNVD | id: CNNVD-202004-2326

Trust: 0.7

db: PACKETSTORM | id: 159347

Trust: 0.7

db: PACKETSTORM | id: 161916

Trust: 0.7

db: PACKETSTORM | id: 162130

Trust: 0.7

db: ICS CERT | id: ICSA-22-116-01

Trust: 0.7

db: AUSCERT | id: ESB-2021.1207

Trust: 0.6

db: AUSCERT | id: ESB-2020.1637

Trust: 0.6

db: AUSCERT | id: ESB-2021.2604

Trust: 0.6

db: AUSCERT | id: ESB-2021.0845

Trust: 0.6

db: AUSCERT | id: ESB-2020.1742.2

Trust: 0.6

db: AUSCERT | id: ESB-2020.3631

Trust: 0.6

db: AUSCERT | id: ESB-2020.1742

Trust: 0.6

db: AUSCERT | id: ESB-2020.1458

Trust: 0.6

db: AUSCERT | id: ESB-2021.0986

Trust: 0.6

db: AUSCERT | id: ESB-2020.3535

Trust: 0.6

db: AUSCERT | id: ESB-2021.1193

Trust: 0.6

db: AUSCERT | id: ESB-2020.1569

Trust: 0.6

db: AUSCERT | id: ESB-2020.1613

Trust: 0.6

db: PACKETSTORM | id: 157601

Trust: 0.2

db: PACKETSTORM | id: 159552

Trust: 0.1

db: CNVD | id: CNVD-2020-27485

Trust: 0.1

db: VULHUB | id: VHN-164902

Trust: 0.1

db: VULMON | id: CVE-2020-12243

Trust: 0.1

db: PACKETSTORM | id: 168811

Trust: 0.1

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // PACKETSTORM: 168811 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 157601 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 2.0

url:https://usn.ubuntu.com/4352-1/

Trust: 1.9

url:https://git.openldap.org/openldap/openldap/-/blob/openldap_rel_eng_2_4/changes

Trust: 1.8

url:https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20200511-0003/

Trust: 1.8

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://www.debian.org/security/2020/dsa-4666

Trust: 1.8

url:https://bugs.openldap.org/show_bug.cgi?id=9202

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html

Trust: 1.8

url:https://usn.ubuntu.com/4352-2/

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12243

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1742.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3535/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1458/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1569/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-116-01

Trust: 0.6

url:https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html

Trust: 0.6

url:https://support.apple.com/en-us/ht211289

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0986

Trust: 0.6

url:https://vigilance.fr/vulnerability/openldap-denial-of-service-via-search-filters-32124

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1207

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0845

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2604

Trust: 0.6

url:https://packetstormsecurity.com/files/159347/red-hat-security-advisory-2020-4041-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157602/ubuntu-security-notice-usn-4352-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1637/

Trust: 0.6

url:https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1613/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1193

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3631/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1742/

Trust: 0.6

url:https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.3

url:https://usn.ubuntu.com/4352-1

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20228

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.2

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20191

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20180

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20178

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5188

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-12652

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17546

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14973

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17546

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-12652

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5094

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5188

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-5313

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/674.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4041

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-116-01

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openldap

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://usn.ubuntu.com/4352-2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20253

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35678

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15999

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3156

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3447

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-5313

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14422

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1240

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20386

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18874

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12450

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4255

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20386

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18874

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14365

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12450

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.48+dfsg-1ubuntu1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.8

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.2

Trust: 0.1

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // PACKETSTORM: 168811 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 157601 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // CNNVD: CNNVD-202004-2326

SOURCES

db: VULHUB | id: VHN-164902
db: VULMON | id: CVE-2020-12243
db: JVNDB | id: JVNDB-2020-005084
db: PACKETSTORM | id: 168811
db: PACKETSTORM | id: 157602
db: PACKETSTORM | id: 161727
db: PACKETSTORM | id: 162142
db: PACKETSTORM | id: 159553
db: PACKETSTORM | id: 157601
db: CNNVD | id: CNNVD-202004-2326
db: NVD | id: CVE-2020-12243

LAST UPDATE DATE

2024-12-21T19:57:18.702000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-164902 | date: 2022-04-29T00:00:00
db: VULMON | id: CVE-2020-12243 | date: 2022-04-29T00:00:00
db: JVNDB | id: JVNDB-2020-005084 | date: 2020-06-05T00:00:00
db: CNNVD | id: CNNVD-202004-2326 | date: 2022-04-27T00:00:00
db: NVD | id: CVE-2020-12243 | date: 2024-11-21T04:59:22.057

SOURCES RELEASE DATE

db: VULHUB | id: VHN-164902 | date: 2020-04-28T00:00:00
db: VULMON | id: CVE-2020-12243 | date: 2020-04-28T00:00:00
db: JVNDB | id: JVNDB-2020-005084 | date: 2020-06-05T00:00:00
db: PACKETSTORM | id: 168811 | date: 2020-04-28T19:12:00
db: PACKETSTORM | id: 157602 | date: 2020-05-07T15:33:32
db: PACKETSTORM | id: 161727 | date: 2021-03-09T16:25:11
db: PACKETSTORM | id: 162142 | date: 2021-04-09T15:06:13
db: PACKETSTORM | id: 159553 | date: 2020-10-14T16:52:18
db: PACKETSTORM | id: 157601 | date: 2020-05-07T15:33:27
db: CNNVD | id: CNNVD-202004-2326 | date: 2020-04-28T00:00:00
db: NVD | id: CVE-2020-12243 | date: 2020-04-28T19:15:12.267