ID

VAR-202004-0530


CVE

CVE-2020-12243


TITLE

OpenLDAP Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005084

DESCRIPTION

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). OpenLDAP contains a resource exhaustion vulnerability. It may be put into a service operation interruption (DoS) state. The filter.c file of slapd in versions earlier than OpenLDAP 2.4.50 has a security vulnerability.

Ubuntu Security Notice USN-4352-2
May 06, 2020

openldap vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary: OpenLDAP could be made to crash if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details: It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM: slapd 2.4.31-1+nmu2ubuntu8.5+esm2
Ubuntu 12.04 ESM: slapd 2.4.28-1.1ubuntu4.10

In general, a standard system update will make all the necessary changes.

Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection
1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape

5.

Summary: Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues.

Description: Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster.

Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):

1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module
1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values
1916813 - CVE-2021-20191 ansible: multiple modules expose secured values
1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option
1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

5.
Red Hat Security Advisory

Synopsis: Moderate: openldap security update
Advisory ID: RHSA-2020:4041-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4041
Issue date: 2020-09-29
CVE Names: CVE-2020-12243

1. Summary:

An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
openldap-2.4.44-22.el7.src.rpm

x86_64:
openldap-2.4.44-22.el7.i686.rpm
openldap-2.4.44-22.el7.x86_64.rpm
openldap-clients-2.4.44-22.el7.x86_64.rpm
openldap-debuginfo-2.4.44-22.el7.i686.rpm
openldap-debuginfo-2.4.44-22.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
openldap-debuginfo-2.4.44-22.el7.i686.rpm
openldap-debuginfo-2.4.44-22.el7.x86_64.rpm
openldap-devel-2.4.44-22.el7.i686.rpm
openldap-devel-2.4.44-22.el7.x86_64.rpm
openldap-servers-2.4.44-22.el7.x86_64.rpm
openldap-servers-sql-2.4.44-22.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openldap-2.4.44-22.el7.src.rpm

x86_64:
openldap-2.4.44-22.el7.i686.rpm
openldap-2.4.44-22.el7.x86_64.rpm
openldap-clients-2.4.44-22.el7.x86_64.rpm
openldap-debuginfo-2.4.44-22.el7.i686.rpm
openldap-debuginfo-2.4.44-22.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
openldap-debuginfo-2.4.44-22.el7.i686.rpm
openldap-debuginfo-2.4.44-22.el7.x86_64.rpm
openldap-devel-2.4.44-22.el7.i686.rpm
openldap-devel-2.4.44-22.el7.x86_64.rpm
openldap-servers-2.4.44-22.el7.x86_64.rpm
openldap-servers-sql-2.4.44-22.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openldap-2.4.44-22.el7.src.rpm

ppc64:
openldap-2.4.44-22.el7.ppc.rpm
openldap-2.4.44-22.el7.ppc64.rpm
openldap-clients-2.4.44-22.el7.ppc64.rpm
openldap-debuginfo-2.4.44-22.el7.ppc.rpm
openldap-debuginfo-2.4.44-22.el7.ppc64.rpm
openldap-devel-2.4.44-22.el7.ppc.rpm
openldap-devel-2.4.44-22.el7.ppc64.rpm
openldap-servers-2.4.44-22.el7.ppc64.rpm

ppc64le:
openldap-2.4.44-22.el7.ppc64le.rpm
openldap-clients-2.4.44-22.el7.ppc64le.rpm
openldap-debuginfo-2.4.44-22.el7.ppc64le.rpm
openldap-devel-2.4.44-22.el7.ppc64le.rpm
openldap-servers-2.4.44-22.el7.ppc64le.rpm

s390x:
openldap-2.4.44-22.el7.s390.rpm
openldap-2.4.44-22.el7.s390x.rpm
openldap-clients-2.4.44-22.el7.s390x.rpm
openldap-debuginfo-2.4.44-22.el7.s390.rpm
openldap-debuginfo-2.4.44-22.el7.s390x.rpm
openldap-devel-2.4.44-22.el7.s390.rpm
openldap-devel-2.4.44-22.el7.s390x.rpm
openldap-servers-2.4.44-22.el7.s390x.rpm

x86_64:
openldap-2.4.44-22.el7.i686.rpm
openldap-2.4.44-22.el7.x86_64.rpm
openldap-clients-2.4.44-22.el7.x86_64.rpm
openldap-debuginfo-2.4.44-22.el7.i686.rpm
openldap-debuginfo-2.4.44-22.el7.x86_64.rpm
openldap-devel-2.4.44-22.el7.i686.rpm
openldap-devel-2.4.44-22.el7.x86_64.rpm
openldap-servers-2.4.44-22.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
openldap-debuginfo-2.4.44-22.el7.ppc64.rpm
openldap-servers-sql-2.4.44-22.el7.ppc64.rpm

ppc64le:
openldap-debuginfo-2.4.44-22.el7.ppc64le.rpm
openldap-servers-sql-2.4.44-22.el7.ppc64le.rpm

s390x:
openldap-debuginfo-2.4.44-22.el7.s390x.rpm
openldap-servers-sql-2.4.44-22.el7.s390x.rpm

x86_64:
openldap-debuginfo-2.4.44-22.el7.x86_64.rpm
openldap-servers-sql-2.4.44-22.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
openldap-2.4.44-22.el7.src.rpm

x86_64:
openldap-2.4.44-22.el7.i686.rpm
openldap-2.4.44-22.el7.x86_64.rpm
openldap-clients-2.4.44-22.el7.x86_64.rpm
openldap-debuginfo-2.4.44-22.el7.i686.rpm
openldap-debuginfo-2.4.44-22.el7.x86_64.rpm
openldap-devel-2.4.44-22.el7.i686.rpm
openldap-devel-2.4.44-22.el7.x86_64.rpm
openldap-servers-2.4.44-22.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
openldap-debuginfo-2.4.44-22.el7.x86_64.rpm
openldap-servers-sql-2.4.44-22.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12243
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
Description:

* Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2019-18874)

3. Bugs fixed (https://bugzilla.redhat.com/):

1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling

5.

For the oldstable distribution (stretch), this problem has been fixed in version 2.4.44+dfsg-5+deb9u4.

For the stable distribution (buster), this problem has been fixed in version 2.4.47+dfsg-3+deb10u2.
For the detailed security status of openldap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openldap

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Trust: 2.43

sources: NVD: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 159347 // PACKETSTORM: 159552 // PACKETSTORM: 168811

AFFECTED PRODUCTS

vendor: netapp, model: h700e, scope: eq, version: -

Trust: 1.0

vendor: opensuse, model: leap, scope: eq, version: 15.1

Trust: 1.0

vendor: netapp, model: h410c, scope: eq, version: -

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 8.0

Trust: 1.0

vendor: netapp, model: h500e, scope: eq, version: -

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.13.6

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.15.6

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 12.04

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 16.04

Trust: 1.0

vendor: netapp, model: h300s, scope: eq, version: -

Trust: 1.0

vendor: netapp, model: h410s, scope: eq, version: -

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.14.6

Trust: 1.0

vendor: netapp, model: h500s, scope: eq, version: -

Trust: 1.0

vendor: netapp, model: h700s, scope: eq, version: -

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.15

Trust: 1.0

vendor: netapp, model: steelstore cloud integrated storage, scope: eq, version: -

Trust: 1.0

vendor: oracle, model: solaris, scope: eq, version: 11

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.13.0

Trust: 1.0

vendor: broadcom, model: brocade fabric operating system, scope: eq, version: -

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 19.10

Trust: 1.0

vendor: openldap, model: openldap, scope: lt, version: 2.4.50

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.04

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.14.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.13.6

Trust: 1.0

vendor: oracle, model: zfs storage appliance kit, scope: eq, version: 8.8

Trust: 1.0

vendor: oracle, model: solaris, scope: eq, version: 10

Trust: 1.0

vendor: netapp, model: h300e, scope: eq, version: -

Trust: 1.0

vendor: netapp, model: cloud backup, scope: eq, version: -

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 14.04

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.14.6

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 20.04

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: openldap, model: openldap, scope: eq, version: 2.4.50

Trust: 0.8

sources: JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-12243
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005084
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-2326
value: HIGH

Trust: 0.6

VULHUB: VHN-164902
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-12243
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-12243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005084
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-164902
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-12243
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005084
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-164902 // JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 157602 // CNNVD: CNNVD-202004-2326

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2326

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005084

PATCH

title: [SECURITY] [DLA 2199-1] openldap security update
url: https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html

Trust: 0.8

title: DSA-4666
url: https://www.debian.org/security/2020/dsa-4666

Trust: 0.8

title: Issue#9248
url: https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES

Trust: 0.8

title: ITS#9202 limit depth of nested filters
url: https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440

Trust: 0.8

title: Issue 9202
url: https://bugs.openldap.org/show_bug.cgi?id=9202

Trust: 0.8

title: OpenLDAP Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118093

Trust: 0.6

title: Red Hat: Moderate: openldap security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204041 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: openldap vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-1

Trust: 0.1

title: Ubuntu Security Notice: openldap vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-2

Trust: 0.1

title: Debian Security Advisories: DSA-4666-1 openldap -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fb4df889a45e12b120ab07487d89cbed

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1539
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1539

Trust: 0.1

title: Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ca8040b949152189bea3a3126afcd39

Trust: 0.1

title: Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory
url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

sources: VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326

EXTERNAL IDS

db: NVD, id: CVE-2020-12243

Trust: 3.3

db: PACKETSTORM, id: 157602

Trust: 0.8

db: PACKETSTORM, id: 161727

Trust: 0.8

db: PACKETSTORM, id: 159347

Trust: 0.8

db: PACKETSTORM, id: 159553

Trust: 0.8

db: PACKETSTORM, id: 162142

Trust: 0.8

db: JVNDB, id: JVNDB-2020-005084

Trust: 0.8

db: CNNVD, id: CNNVD-202004-2326

Trust: 0.7

db: PACKETSTORM, id: 161916

Trust: 0.7

db: PACKETSTORM, id: 162130

Trust: 0.7

db: ICS CERT, id: ICSA-22-116-01

Trust: 0.7

db: AUSCERT, id: ESB-2021.1207

Trust: 0.6

db: AUSCERT, id: ESB-2020.1637

Trust: 0.6

db: AUSCERT, id: ESB-2021.2604

Trust: 0.6

db: AUSCERT, id: ESB-2021.0845

Trust: 0.6

db: AUSCERT, id: ESB-2020.1742.2

Trust: 0.6

db: AUSCERT, id: ESB-2020.3631

Trust: 0.6

db: AUSCERT, id: ESB-2020.1742

Trust: 0.6

db: AUSCERT, id: ESB-2020.1458

Trust: 0.6

db: AUSCERT, id: ESB-2021.0986

Trust: 0.6

db: AUSCERT, id: ESB-2020.3535

Trust: 0.6

db: AUSCERT, id: ESB-2021.1193

Trust: 0.6

db: AUSCERT, id: ESB-2020.1569

Trust: 0.6

db: AUSCERT, id: ESB-2020.1613

Trust: 0.6

db: PACKETSTORM, id: 159552

Trust: 0.2

db: PACKETSTORM, id: 157601

Trust: 0.1

db: CNVD, id: CNVD-2020-27485

Trust: 0.1

db: VULHUB, id: VHN-164902

Trust: 0.1

db: VULMON, id: CVE-2020-12243

Trust: 0.1

db: PACKETSTORM, id: 168811

Trust: 0.1

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 159347 // PACKETSTORM: 159552 // PACKETSTORM: 168811 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 2.1

url:https://usn.ubuntu.com/4352-1/

Trust: 1.9

url:https://git.openldap.org/openldap/openldap/-/blob/openldap_rel_eng_2_4/changes

Trust: 1.8

url:https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20200511-0003/

Trust: 1.8

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://www.debian.org/security/2020/dsa-4666

Trust: 1.8

url:https://bugs.openldap.org/show_bug.cgi?id=9202

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html

Trust: 1.8

url:https://usn.ubuntu.com/4352-2/

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12243

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1742.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3535/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1458/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1569/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-116-01

Trust: 0.6

url:https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html

Trust: 0.6

url:https://support.apple.com/en-us/ht211289

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0986

Trust: 0.6

url:https://vigilance.fr/vulnerability/openldap-denial-of-service-via-search-filters-32124

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1207

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0845

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2604

Trust: 0.6

url:https://packetstormsecurity.com/files/159347/red-hat-security-advisory-2020-4041-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157602/ubuntu-security-notice-usn-4352-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1637/

Trust: 0.6

url:https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1613/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1193

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3631/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1742/

Trust: 0.6

url:https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-5188

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-12652

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17546

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14973

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17546

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-12652

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-5094

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-5188

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-5313

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2020:4041

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20228

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20191

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20180

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20178

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1240

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20386

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18874

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12450

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14822

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14822

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20386

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18874

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14365

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19126

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5482

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5482

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-12450

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/674.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-116-01

Trust: 0.1

url:https://usn.ubuntu.com/4352-2

Trust: 0.1

url:https://usn.ubuntu.com/4352-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20253

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35678

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3156

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3447

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-5313

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14422

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4255

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4254

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openldap

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 159347 // PACKETSTORM: 159552 // PACKETSTORM: 168811 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 159347 // PACKETSTORM: 159552 // CNNVD: CNNVD-202004-2326

SOURCES

db: VULHUB, id: VHN-164902
db: VULMON, id: CVE-2020-12243
db: JVNDB, id: JVNDB-2020-005084
db: PACKETSTORM, id: 157602
db: PACKETSTORM, id: 161727
db: PACKETSTORM, id: 162142
db: PACKETSTORM, id: 159553
db: PACKETSTORM, id: 159347
db: PACKETSTORM, id: 159552
db: PACKETSTORM, id: 168811
db: CNNVD, id: CNNVD-202004-2326
db: NVD, id: CVE-2020-12243

LAST UPDATE DATE

2024-11-20T21:31:41.284000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-164902, date: 2022-04-29T00:00:00
db: VULMON, id: CVE-2020-12243, date: 2022-04-29T00:00:00
db: JVNDB, id: JVNDB-2020-005084, date: 2020-06-05T00:00:00
db: CNNVD, id: CNNVD-202004-2326, date: 2022-04-27T00:00:00
db: NVD, id: CVE-2020-12243, date: 2022-04-29T13:24:38.527

SOURCES RELEASE DATE

db: VULHUB, id: VHN-164902, date: 2020-04-28T00:00:00
db: VULMON, id: CVE-2020-12243, date: 2020-04-28T00:00:00
db: JVNDB, id: JVNDB-2020-005084, date: 2020-06-05T00:00:00
db: PACKETSTORM, id: 157602, date: 2020-05-07T15:33:32
db: PACKETSTORM, id: 161727, date: 2021-03-09T16:25:11
db: PACKETSTORM, id: 162142, date: 2021-04-09T15:06:13
db: PACKETSTORM, id: 159553, date: 2020-10-14T16:52:18
db: PACKETSTORM, id: 159347, date: 2020-09-30T15:43:05
db: PACKETSTORM, id: 159552, date: 2020-10-14T16:52:12
db: PACKETSTORM, id: 168811, date: 2020-04-28T19:12:00
db: CNNVD, id: CNNVD-202004-2326, date: 2020-04-28T00:00:00
db: NVD, id: CVE-2020-12243, date: 2020-04-28T19:15:12.267